How to Share SSH Keys Securely
An SSH private key is a skeleton key to your servers. Sharing it via Slack or email is like mailing your house key on a postcard. Here's the secure way.
Best Practice: Individual Keys
The gold standard is one key per person. If you're sharing because multiple people need server access, consider using ~/.ssh/authorized_keys with individual public keys instead. But when shared keys are unavoidable (deploy keys, CI/CD, legacy systems), use the method below.
When SSH Key Sharing is Unavoidable
- Deploy keys for CI/CD pipelines (GitHub Actions, GitLab CI)
- Shared service account access for production servers
- Legacy systems that don't support individual key management
- Temporary contractor access to specific hosts
- Emergency root access during incidents
Step-by-Step: Secure SSH Key Transfer
Prepare the Key File
Locate your SSH key file (id_rsa, id_ed25519, deploy_key.pem). If it's a text-based key, you can paste it directly. For binary formats (.ppk), upload as a file.
Upload to EnvShareApp
Go to envshare.app/create. Upload the key file or paste the key contents. Everything is encrypted in your browser (AES-256-GCM) — we never see the plaintext.
Secure the Link
Enable Email OTP verification for the specific person (devops@company.com). Set domain lock. Enable burn-on-read. Set TTL to 1-4 hours maxium.
Send Separately from Context
Send the link in one channel. Send the server hostname/IP in a different channel. Never combine "here's the key to server X" in one message.
Verify & Rotate
Check audit logs for delivery confirmation. Once the recipient confirms setup, rotate the key or add their personal public key to authorized_keys and revoke the shared one.
CLI Method
$ npx envshareapp upload ~/.ssh/deploy_key --ttl 2h --burn→ https://envshare.app/s/abc123#key...The key is encrypted, uploaded, and the link is displayed — all without leaving your terminal.