Deploy SSH Keypairs with Reis (Flag Mode)
Create and manage SSH keypairs directly from the command line using Reis flag-mode commands.
Create and manage SSH keypairs directly from the command line using Reis flag-mode commands.
Create an SSH keypair
reis ssh_keypair:create \
--name "Production Deploy Key" \
--handle deploy-key \
--public_key_file ./keys/deploy.pub \
--private_key_file ./keys/deployThe public key file should contain the SSH public key line (e.g. ssh-rsa AAAA... user@host). The private key file should be PEM-encoded. The handle must be DNS-1123 compliant (lowercase alphanumeric and hyphens, max 63 characters).
List SSH keypairs
reis ssh_keypair:listShows a table with handle, name, fingerprint, algorithm, and creation date for each keypair.
Show details
reis ssh_keypair:show <keypair-id>Displays the full metadata including fingerprint, algorithm, and comment.
Rotate key material
reis ssh_keypair:rotate <keypair-id> \
--public_key_file ./keys/new-deploy.pub \
--private_key_file ./keys/new-deployCreates a new version and marks it current. The previous version is retained for rollback.
List versions
reis ssh_keypair:versions <keypair-id>Activate a previous version (rollback)
reis ssh_keypair:activate_version <keypair-id> <version-number>Delete an SSH keypair
reis ssh_keypair:delete <keypair-id>Add --force to skip the confirmation prompt. Deleting removes all versions, project attachments, and container wiring.
Attach to a project
reis project:attach <project-id> ssh_keypairs deploy-keySingular alias ssh_keypair is also accepted. The project-id is the UUID Reis returns from project:list or project:show.
Detach from a project
reis project:detach <project-id> ssh_keypairs deploy-keyIf a running container still mounts the keypair, detach is rejected with a 409 naming the blocking container — tear it down (or remove its ssh_keypairs block) and retry.