Skip to main content

Restricting deploy keys in your organization

To protect your organization's data, you can configure permissions for creating deploy keys in your organization.

Who can use this feature?

Organization owners.

You can choose whether members can create deploy keys for repositories in your organization.

By default, new organizations are configured to disallow the creation of deploy keys in repositories.

Organization owners can restrict the creation of deploy keys to help prevent sensitive information from being exposed. For more information, see "Best practices for preventing data leaks in your organization" and "Managing deploy keys." If you want more fine-grained control over permissions, consider using a GitHub App instead. See "GitHub Apps overview."

If your organization is owned by an enterprise account, you may not be able to configure this setting for your organization, if an enterprise owner has set a policy at the enterprise level. For more information, see "Enforcing repository management policies in your enterprise."

Warning

Changing this setting to disabled will result in existing deploy keys being disabled in all repositories in the organization. Scripts, apps, or workflows that create, use, or delete deploy keys will no longer work.

  1. In the upper-right corner of GitHub, select your profile photo, then click Your organizations.
  2. Next to the organization, click Settings.
  3. In the "Access" section of the sidebar, click Member privileges.
  4. Under "Deploy keys", review the information about changing the setting, click Enabled or Disabled.
  5. Click Save.