How to Set Up GitHub Secret Keys and Auto Deploy on Any VPS
Learn how to automate deployments from GitHub to your VPS using GitHub Actions and SSH keys. Complete step-by-step guide with security best practices and troubleshooting tips.
Arman Ali
I specialize in building and maintaining scalable web applications, with a strong focus on performance, user experience, and backend efficiency. With over 4+ years of experience, I have evolved from a front-end expert into a full-stack developer proficient in both front-end and back-end development.
Continuous deployment is essential for modern development workflows. In this guide, we'll walk through setting up secure auto-deployment from GitHub to your Virtual Private Server (VPS) using GitHub Actions and secret keys.
Why Use GitHub Secrets?
GitHub Secrets allow you to store sensitive information securely in your repository without exposing credentials in your code. This includes:
- SSH private keys
- API tokens
- Database credentials
- Environment variables
By combining GitHub Secrets with GitHub Actions, you can create a fully automated deployment pipeline that triggers whenever you push code to your repository.
Prerequisites
Before we begin, ensure you have:
- A GitHub repository for your project
- A VPS with SSH access (DigitalOcean, Linode, AWS EC2, etc.)
- Basic familiarity with terminal commands
- Git installed locally and on your VPS
Step 1: Generate SSH Key Pair
First, generate an SSH key pair that will be used for secure communication between GitHub and your VPS.
On your local machine, run:
```bash
ssh-keygen -t ed25519 -C "github-actions-deploy" -f ~/.ssh/github_deploy_key
```
This creates two files:
- github_deploy_key (private key) - stays with GitHub
- github_deploy_key.pub (public key) - goes on your VPS
Important: Never share or commit your private key. GitHub Secrets will keep it secure.
Step 2: Configure Your VPS
Add the Public Key to Your VPS
Copy the public key to your VPS's authorized keys:
```bash
ssh-copy-id -i ~/.ssh/github_deploy_key.pub user@your-vps-ip
```
Alternatively, manually add it:
```bash
cat ~/.ssh/github_deploy_key.pub
```
Then on your VPS:
```bash
mkdir -p ~/.ssh
echo "your-public-key-content" >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
```
Prepare Your Deployment Directory
On your VPS, create and configure the deployment directory:
```bash
mkdir -p /var/www/your-app
chown -R $USER:$USER /var/www/your-app
```
Step 3: Add Secrets to GitHub
Navigate to your GitHub repository and add the necessary secrets:
- Go to Settings → Secrets and variables → Actions
- Click New repository secret
- Add the following secrets:
Required Secrets
SSH_PRIVATE_KEY
```bash
cat ~/.ssh/github_deploy_key
```
Copy the entire output (including the -----BEGIN and -----END lines) and paste it as the secret value.
VPS_HOST
```
your-vps-ip-address
```
Your VPS IP address or domain name.
VPS_USERNAME
```
your-username
```
The SSH user on your VPS (often root, ubuntu, or deploy).
Optional Secrets
VPS_PORT
```
22
```
SSH port (default is 22).
DEPLOY_PATH
```
/var/www/your-app
```
The absolute path where your application will be deployed.
Step 4: Create GitHub Actions Workflow
Create a workflow file in your repository at .github/workflows/deploy.yml:
```yaml
name: Deploy to VPS

on:
  push:
    branches:
      - main
      - production

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          ssh-keyscan -H ${{ secrets.VPS_HOST }} >> ~/.ssh/known_hosts

      - name: Deploy to VPS
        env:
          HOST: ${{ secrets.VPS_HOST }}
          USERNAME: ${{ secrets.VPS_USERNAME }}
          DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
        run: |
          # known_hosts was filled by ssh-keyscan above, so host key checking stays enabled
          ssh -i ~/.ssh/deploy_key "$USERNAME@$HOST" << 'EOF'
            # Stop at the first failing command instead of restarting a broken build
            set -e
            cd ${{ secrets.DEPLOY_PATH }}
            git pull origin main
            # Install dependencies (adjust for your stack)
            npm install --production
            # Build your application
            npm run build
            # Restart your application service
            pm2 restart your-app || pm2 start npm --name "your-app" -- start
          EOF
```
Step 5: Advanced Deployment Strategies
Using rsync for File Transfer
For projects without Git on the VPS, use rsync:
```yaml
- name: Deploy via rsync
  run: |
    # Relies on the known_hosts entry written by the Setup SSH step
    rsync -avz -e "ssh -i ~/.ssh/deploy_key" \
      --exclude '.git' \
      --exclude 'node_modules' \
      ./ ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }}:${{ secrets.DEPLOY_PATH }}
```
Docker-based Deployment
For containerized applications:
```yaml
- name: Build and deploy Docker container
  env:
    HOST: ${{ secrets.VPS_HOST }}
    USERNAME: ${{ secrets.VPS_USERNAME }}
  run: |
    ssh -i ~/.ssh/deploy_key "$USERNAME@$HOST" << 'EOF'
      set -e
      cd ${{ secrets.DEPLOY_PATH }}
      git pull origin main
      docker-compose down
      docker-compose up -d --build
    EOF
```
Zero-Downtime Deployment
Implement a blue-green deployment pattern:
```yaml
- name: Blue-Green Deployment
  env:
    HOST: ${{ secrets.VPS_HOST }}
    USERNAME: ${{ secrets.VPS_USERNAME }}
  run: |
    ssh -i ~/.ssh/deploy_key "$USERNAME@$HOST" << 'EOF'
      # Abort before the swap if the pull, build or tests fail
      set -e
      # Deploy to staging directory
      cd /var/www/staging
      git pull origin main
      npm install && npm run build
      # Run tests
      npm test
      # Swap directories (two renames, so production is briefly absent between them)
      mv /var/www/production /var/www/backup
      mv /var/www/staging /var/www/production
      # Restart service
      sudo systemctl restart your-app
    EOF
```
Step 6: Testing Your Deployment
Test your setup:
- Make a small change to your repository
- Commit and push to the branch specified in your workflow
- Navigate to the Actions tab in your GitHub repository
- Watch the workflow execute in real-time
- Verify changes on your VPS
Troubleshooting Common Issues
Permission Denied (publickey)
- Ensure the public key is correctly added to ~/.ssh/authorized_keys on your VPS
- Check file permissions: ~/.ssh (700) and authorized_keys (600)
- Verify the private key in GitHub Secrets is complete and unmodified
Host Key Verification Failed
- Add the ssh-keyscan step to your workflow as shown above
- Or use -o StrictHostKeyChecking=no (less secure)
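A stricter option than either of the two above, as an added example that is not part of the original guide: record the VPS host key once and have the workflow refuse to connect when the scanned key differs. The VPS_HOST_KEY secret, the PORT variable and the function names are assumptions.

```bash
# Added example, not from the original guide: pin the VPS host key rather than
# trusting whatever ssh-keyscan returns during the workflow run.
# Assumption: a hypothetical secret VPS_HOST_KEY holds "<keytype> <base64>", copied
# once from /etc/ssh/ssh_host_ed25519_key.pub on the VPS over a trusted channel.

# normalize_key LINE: reduce a .pub or known_hosts line to "<keytype> <base64>".
normalize_key() {
  printf '%s\n' "$1" | awk '{
    for (i = 1; i < NF; i++)
      if ($i ~ /^(ssh-ed25519|ssh-rsa|ecdsa-sha2-)/) { print $i, $(i + 1); exit }
  }'
}

# host_key_matches SCANNED PINNED: succeed only if a scanned line carries the pinned key.
host_key_matches() {
  pinned=$(normalize_key "$2")
  [ -n "$pinned" ] || return 2   # empty or malformed pin: fail closed
  printf '%s\n' "$1" | {
    while IFS= read -r line; do
      [ "$(normalize_key "$line")" = "$pinned" ] && exit 0
    done
    exit 1
  }
}

# known_hosts_entry HOST PORT PINNED: print the known_hosts line for this host.
known_hosts_entry() {
  key=$(normalize_key "$3")
  [ -n "$key" ] || return 2
  if [ "${2:-22}" = "22" ]; then
    printf '%s %s\n' "$1" "$key"
  else
    printf '[%s]:%s %s\n' "$1" "$2" "$key"   # non-default ports use [host]:port
  fi
}

# Constructed sample values (not real keys) for trying the functions offline.
SAMPLE_PIN='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEpinnedKEY root@vps'
SAMPLE_SCAN='# 203.0.113.10:22 SSH-2.0-OpenSSH_9.6
203.0.113.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEpinnedKEY'
SAMPLE_SCAN_CHANGED='203.0.113.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEotherKEY'

# In the Setup SSH step, with HOST, PORT and VPS_HOST_KEY passed through env:
#   scan=$(ssh-keyscan -p "$PORT" -t ed25519 "$HOST" 2>/dev/null)
#   host_key_matches "$scan" "$VPS_HOST_KEY" || { echo "host key mismatch" >&2; exit 1; }
#   known_hosts_entry "$HOST" "$PORT" "$VPS_HOST_KEY" >> ~/.ssh/known_hosts
```

Because known_hosts then holds the pinned key rather than the scanned one, ssh itself rejects a server that presents a different key.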
Deployment Script Fails
- Check the DEPLOY_PATH exists and has correct permissions
- Ensure your user has necessary permissions (consider using sudo where needed)
- Review GitHub Actions logs for specific error messages
Application Not Restarting
- Verify your process manager (PM2, systemd, etc.) is configured correctly
- Check service status: systemctl status your-app
- Review application logs for runtime errors
Security Best Practices
- Use Deployment Keys: Create a dedicated SSH key for deployments, don't reuse personal keys
- Limit Permissions: Create a dedicated deployment user on your VPS with minimal permissions
- Restrict Branch Access: Only deploy from protected branches (main, production)
- Rotate Keys Regularly: Update SSH keys periodically and revoke old ones
- Use Environment-Specific Secrets: Separate secrets for staging and production environments
- Enable Two-Factor Authentication: Protect your GitHub account with 2FA
- Audit Secret Access: Regularly review who has access to repository secrets
- Use Read-Only Deployment Keys: When possible, use GitHub Deploy Keys with read-only access
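One way to apply "Limit Permissions" to the deploy key itself, as an added example that is not part of the original guide: bind the key to a forced command on the VPS so that it can trigger a deployment and nothing else. This goes beyond the workflow above, which sends a whole script over SSH; the script path, its name and the "deploy <branch>" request format are assumptions.

```bash
# Added example, not from the original guide: a forced-command gate for the deploy key.
# Assumption: on the VPS the key's line in ~/.ssh/authorized_keys is prefixed with
#   restrict,command="/usr/local/bin/deploy-gate" ssh-ed25519 AAAA... github-actions-deploy
# so sshd runs this script for every login with that key and exposes what the client
# asked for in SSH_ORIGINAL_COMMAND. The script path and name are hypothetical.

# gate REQUEST: print the branch to deploy; reject anything that is not an exact match.
gate() {
  case $1 in
    "deploy main"|"deploy production") printf '%s\n' "${1#deploy }" ;;
    *) return 1 ;;
  esac
}

# run_deploy BRANCH: the guide's deploy steps, stopping at the first failure.
run_deploy() {
  cd /var/www/your-app &&
    git pull origin "$1" &&
    npm install --production &&
    npm run build &&
    { pm2 restart your-app || pm2 start npm --name "your-app" -- start; }
}

# Entry point: only runs when sshd invoked the script as the forced command.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
  if branch=$(gate "$SSH_ORIGINAL_COMMAND"); then
    run_deploy "$branch"
  else
    # Leave a trace for detection; assumes logger(1) is installed on the VPS.
    logger -t deploy-gate "rejected request from ${SSH_CONNECTION%% *}" 2>/dev/null
    echo "deploy-gate: request not allowed" >&2
    exit 1
  fi
fi
```

With this in place the workflow step shrinks to `ssh -i ~/.ssh/deploy_key "$USERNAME@$HOST" "deploy main"`, and a leaked key cannot open a shell, forward ports or run other commands.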
Monitoring and Notifications
Slack Notifications
Add Slack notifications to your workflow:
```yaml
- name: Notify Slack
  if: always()
  uses: 8398a7/action-slack@v3
  with:
    status: ${{ job.status }}
    text: 'Deployment to VPS completed'
    webhook_url: ${{ secrets.SLACK_WEBHOOK }}
```
Email Notifications
Configure email alerts in repository settings under Notifications for workflow failures.
Health Checks
Add a post-deployment health check:
```yaml
- name: Health check
  run: |
    sleep 10
    curl --fail https://your-domain.com/health || exit 1
```
Conclusion
You now have a fully automated deployment pipeline from GitHub to your VPS. Every push to your main branch will trigger a deployment, keeping your VPS synchronized with your repository.
This setup provides:
- ✅ Secure credential management with GitHub Secrets
- ✅ Automated deployments on every push
- ✅ Complete audit trail in GitHub Actions logs
- ✅ Rollback capability through Git history
- ✅ Scalable approach that works with any VPS provider
As your infrastructure grows, consider migrating to more sophisticated solutions like Kubernetes, AWS CodeDeploy, or dedicated CI/CD platforms. However, this GitHub Actions approach provides an excellent balance of simplicity, security, and automation for most projects.
Additional Resources
- GitHub Actions Documentation
- GitHub Encrypted Secrets
- SSH Key Management Best Practices
- Deploying with GitHub Actions
Ready to automate your deployments? Start implementing this workflow today and never manually SSH into your server for deployments again.