lms/specs/001-add-dokploy-deploy/checklists/deployment-credentials.md

Dokploy Project-Level Secrets (deployment-credentials)

Purpose: document how to add and manage Dokploy project-level secrets that Dokploy will use to access repositories or external resources.

1. In Dokploy, open the project settings for this repository/project.
2. Navigate to "Secrets" or "Project-level secrets".
3. Add a secret named REPO_DEPLOY_KEY containing a deploy key or token the Dokploy runner can use to clone the Gitea repository (recommended: SSH key or personal access token with repo read access).
4. Add any other required secrets (e.g., registry credentials) and mark them as masked.
5. In project configuration, reference the secret names so Dokploy injects them into the deploy environment.

Security notes:

• Use least-privilege tokens (read-only where possible).
• Rotate keys periodically and document rotation steps in the runbook.
• Do not commit secrets into repository files; store them only in Dokploy secrets or an external vault.