Deployment Keys

Deployment keys provide a secure way to authenticate CI/CD pipelines and automated workflows with Tilda. These keys are scoped to specific projects or sites, following the principle of least privilege.

Creating Deployment Keys

You can create deployment keys using the Tilda CLI. The key will be scoped to the specified project:

Create a project-scoped deployment key

Bash

tilda deployment-key create --project myproject

To create a key scoped to a specific site within a project:

Create a site-scoped deployment key

Bash

tilda deployment-key create --project myproject --site your-site

After creating a key, you'll receive a JSON response containing the key details. Make sure to save this information securely, as the private key will only be shown once.

Managing Keys

You can view and manage your deployment keys in the project settings page. Navigate to your project, click on "Settings", and scroll to the "Deployment Keys" section. Here you can:

View all deployment keys associated with your project
See which site a key is scoped to (if applicable)
Check when each key was created
Revoke keys that are no longer needed

Warning: Revoking a key is permanent and cannot be undone. Any CI/CD pipelines or automated workflows using the key will stop working immediately.

Using Keys in CI/CD

To use a deployment key in your CI/CD pipeline, set it as an environment variable:

CI/CD Environment Variables

YAML

# GitHub Actions
env:
  TILDA_CLI_INLINE_IDENTITY_JSON: ${{ secrets.TILDA_DEPLOYMENT_KEY }}

# GitLab CI
variables:
  TILDA_CLI_INLINE_IDENTITY_JSON: $TILDA_DEPLOYMENT_KEY

# CircleCI
environment:
  TILDA_CLI_INLINE_IDENTITY_JSON: ${TILDA_DEPLOYMENT_KEY}

Security Best Practices

Store deployment keys securely using your CI/CD platform's secrets management
Use site-scoped keys when possible to limit access
Regularly audit your deployment keys and revoke any that are no longer needed
Never share deployment keys across different projects or environments
Don't commit deployment keys to version control

Example Workflows

GitHub Actions

GitHub Actions Workflow

YAML

name: Deploy to Tilda
on:
  push:
    branches: [ main ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Use Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.x'
      - name: Install dependencies
        run: npm ci
      - name: Install Tilda CLI
        run: npm install -g @tildacloud/cli
      - run: tilda build nextjs
      - name: Deploy
        env:
          TILDA_CLI_INLINE_IDENTITY_JSON: ${{ secrets.TILDA_DEPLOYMENT_KEY }}
        run: tilda deploy --project myproject --site mysite

GitLab CI

GitLab CI Pipeline

YAML

deploy:
  stage: deploy
  image: node:latest
  script:
    - npm install -g @tildacloud/cli
    - tilda build nextjs
    - tilda deploy --project myproject --site mysite
  only:
    - main

Troubleshooting

Invalid or Expired Key

If you receive an "Invalid credentials" error, make sure:

The deployment key hasn't been revoked
The environment variable is set correctly
The key has the necessary permissions for the operation

Permission Errors

If you get a permission error, verify that:

The key is scoped to the correct project/site
You're using the correct project and site names in your commands