🔑 Using Multiple SSH Keys with WP Engine's Git Push
Originally published November 8, 2015 on an earlier version of this site, and recovered from an old GitHub repo while putting this site back together. The SSH/config pattern below is unchanged on macOS and modern WP Engine, but WP Engine's portal UI has been redesigned since I wrote this; the my.wpengine.com/installs/<site>/git_push URL no longer resolves as written. Follow WP Engine's current docs for the portal-side steps and use this post for the local SSH config and key generation pieces.
WP Engine has a great feature: the ability to push from your development environment (typically your local environment — VVV or MAMP or whatever) to a site's staging or production environments using git. You just use git push. Typically I use this for moving local changes to the staging server. It sure beats moving files via PHPStorm's deployment sync or manual FTP transfer.
WP Engine provides great instructions on setting up an SSH key so you can use the git push feature, but its instructions focus on using a single SSH key. This may not be advisable from a security perspective (shared keys between different sites/clients), and also looks unprofessional in the WP Engine web portal (a shared name between sites/clients). Therefore I thought it would be helpful to share how to configure multiple SSH keys.
Creating an SSH config file
The magic that will allow you to use multiple SSH keys is in the SSH config file. In the config file you can provide an entry for each SSH connection which should use a unique key. The following example will show you how to set up a SSH config file such that running the command
ssh your_site_name
will ssh into git.wpengine.com using a private key stored in ~/.ssh/your_site_name/id_rsa.
Open terminal and enter:
cd ~/.ssh/
mkdir your_site_name
nano config
Enter the following into the file:
Host your_site_name
User git
Hostname git.wpengine.com
PreferredAuthentications publickey
IdentitiesOnly yes
IdentityFile ~/.ssh/your_site_name/id_rsa
Press Control-X to exit.
Generating an SSH key
Now we have to create the SSH key we pointed to in the config file (IdentityFile). If you already know how to generate an SSH key feel free to skip ahead — just make sure the config file you created points to your private key. Otherwise, pop open terminal and run the following commands:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Save the key to ~/.ssh/your_site_name/id_rsa. Then:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/your_site_name/id_rsa
pbcopy < ~/.ssh/your_site_name/id_rsa.pub
Configuring WP Engine
So far we've set up public/private SSH keys and a config file that helps route to them. Now we have to configure WP Engine. You'll want to be logged in under the account you'd like the SSH key associated with.
- Visit the Git Push section of your site's install in the WP Engine portal (the URL pattern was
https://my.wpengine.com/installs/your_site_name/git_pushin 2015; the portal layout has since changed — find the equivalent screen in the current dashboard). - Provide a developer name.
- Paste the copied public key (
~/.ssh/your_site_name/id_rsa.pub). - After about 10 minutes, test by running the following — and make note of the repo names returned for the next step:
ssh your_site_name info
Then add the remote:
cd your_git_repo_dir
git remote add staging your_site_name:staging/your_site_name.git
A couple of notes on that remote URL:
- The
your_site_namebefore the colon corresponds to theHostline in~/.ssh/config. - The
staging/your_site_nameafter the colon corresponds to the response fromssh your_site_name info.
Once that's set up you should be good to push using git as you normally would for WP Engine.