We're excited to announce the release of Deployment Keys, a new feature that enhances security and simplifies continuous deployment workflows in Tilda. Deployment Keys provide a secure way to authenticate deployments without sharing user credentials, making it perfect for CI/CD pipelines and automated deployments.
What are Deployment Keys?
Deployment Keys are specialized authentication credentials that:
- Can be scoped to either a specific project or site
- Have limited permissions - they can only be used for deployments
- Are separate from user authentication
- Use secure public-key cryptography
Creating a Deployment Key
You can create a new deployment key using our CLI. The process is straightforward:
tilda deployment-key create --project my-project-slug
To create a key for a specific site within a project:
tilda deployment-key create --project my-project-slug --site my-site-slug
After running the command:
- The CLI will generate a secure key pair
- You'll be provided a URL to authorize the key in your browser
- Once authorized, you'll receive an environment variable containing the deployment credentials
Using Deployment Keys in CI/CD
Once you have created a deployment key, you'll receive a TILDA_CLI_INLINE_IDENTITY_JSON environment variable. Add this to your CI/CD environment variables, and the Tilda CLI will automatically use it for authentication during deployments.
Here's an example GitHub Actions workflow:
name: Deploy to Tilda
on:
  push:
    branches: [ main ]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Tilda CLI
        run: npm install -g @tildacloud/cli
      - run: tilda build nextjs
      - name: Deploy
        env:
          TILDA_CLI_INLINE_IDENTITY_JSON: ${{ secrets.TILDA_DEPLOYMENT_KEY }}
        run: tilda deploy --project my-project --site my-site
Managing Deployment Keys
Once you've created deployment keys, you can view and manage them in your project's settings page. Navigate to your project settings and scroll down to the "Deployment Keys" section. Here you'll find a list of all deployment keys associated with your project.
For each deployment key, you can see:
- Key ID: A unique identifier for the key
- Service: If the key is scoped to a specific service
- Creation Date: When the key was created
If you need to revoke a key (for example, if it has been compromised), you can do so directly from the project settings page. Simply click the "Revoke" button next to the key you want to remove. Be careful though - this action cannot be undone, and any CI/CD pipelines using the revoked key will stop working immediately.
Security Best Practices
When working with deployment keys, remember to:
- Keep the TILDA_CLI_INLINE_IDENTITY_JSON value secure and never commit it to your repository
- Use site-scoped keys when possible to follow the principle of least privilege
- Regularly rotate keys, especially if you suspect they might have been compromised
- Use different keys for different environments (staging, production, etc.)
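One way to enforce the first rule in CI or a pre-commit hook, as an added example that is not part of the Tilda CLI or the original post: the script flags any file that assigns a literal value to TILDA_CLI_INLINE_IDENTITY_JSON instead of a secrets or variable reference. The function names, skipped directories and sample strings are assumptions constructed for illustration; the page does not show the real value's structure, so the script does not try to parse it.

```python
"""Flag files that assign a literal value to the Tilda deployment-key variable."""
import re
import sys
from pathlib import Path

VAR = "TILDA_CLI_INLINE_IDENTITY_JSON"
# The variable name followed by '=' (shell, .env) or ':' (YAML) and a value.
ASSIGN = re.compile(VAR + r"\s*[:=]\s*(?P<value>.*)$")
# Safe values: a GitHub Actions secrets reference or a shell variable expansion.
REFERENCE = re.compile(
    r"""^["']?(\$\{\{\s*secrets\.\w+\s*\}\}|\$\{?[A-Za-z_]\w*\}?)["']?$"""
)
SKIP_DIRS = {".git", "node_modules"}  # assumed; adjust for your repository
# Constructed samples: a secrets reference as in the workflow above, and a leaked value.
SAFE_SAMPLE = "env:\n  " + VAR + ": ${{ secrets.TILDA_DEPLOYMENT_KEY }}\n"
LEAK_SAMPLE = "# .env (constructed)\n" + VAR + "='{\"placeholder\": \"constructed\"}'\n"


def literal_assignments(text):
    """Return 1-based line numbers where VAR is set to something other than a reference."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = ASSIGN.search(line)
        if not match:
            continue
        value = match.group("value").strip()
        if value and not REFERENCE.match(value):
            hits.append(number)
    return hits


def scan_tree(root):
    """Scan every regular file under root; return sorted (relative_path, line) pairs."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or SKIP_DIRS & set(path.relative_to(root).parts):
            continue
        text = path.read_text(encoding="utf-8", errors="ignore")
        findings += [(path.relative_to(root).as_posix(), n) for n in literal_assignments(text)]
    return sorted(findings)


if __name__ == "__main__":
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for rel_path, line_no in found:
        print(f"{rel_path}:{line_no}: literal {VAR} value; use a CI secret instead")
    sys.exit(1 if found else 0)
```

Run it against the repository root; a non-zero exit fails the hook or CI job. A reference followed by a trailing comment on the same line is reported as well, which errs on the side of a manual look.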
What's Next?
Deployment Keys are just the beginning of our efforts to make Tilda more secure and easier to use in automated workflows. We're working on additional features like key expiration policies and detailed audit logs for deployment activities.
For more information about Deployment Keys, check out our deployment keys documentation.