In DeployHQ, you can upload your own custom keypair to one or more projects. This might be useful if you have a number of different projects all deploying to the same servers, or if you want to **rotate/replace the public key** that DeployHQ uses for a project.

## Regenerating the project SSH key

The quickest way to rotate a project's SSH key is to use the **Regenerate Key** button on the project's **Repository** settings page. Pick your preferred algorithm (ED25519 is recommended) and click Regenerate. DeployHQ will replace the project's key pair in place.

After regenerating, you'll need to install the new public key in two places before deploys will work:

- Your repository host's deploy keys (GitHub, Bitbucket, GitLab, Codebase, etc.) -- the old public key on the provider no longer matches the new private key DeployHQ holds
- Each server's `~/.ssh/authorized_keys` file

The new public key is shown on the same Repository settings page, ready to copy.

## Uploading your own key

If you would rather supply your own key pair instead of using one DeployHQ generates, you can **generate an SSH key locally and upload the private key to your project**. DeployHQ will then expose the matching public key for you to copy into your repository host and servers.

## Uploading a custom key pair

To upload a new key pair, head to the configuration page for one of your SSH servers in any project, then below the current public key you'll find a link to **upload a private key**. Click this link, then upload your *private key* by pasting it in the dialog, then clicking **Upload Private Key**;

{screenshot: 99}

Please note that any previously connected services, in particular your repository, will require updating if you upload a custom key, as the same SSH key pair is used to connect to both your repository, and any configured servers in your project. After uploading, copy the new public key from the project and re-add it to:

- Your repository host (GitHub, Bitbucket, GitLab, Codebase, etc.)
- Each server's `~/.ssh/authorized_keys` file

### Generating an SSH key

If you are generating an SSH key locally, depending on which key type you wish to generate, you will need to run one of the following commands:

```bash
## ED25519 (recommended)

$ ssh-keygen -t ed25519 -m PEM

## RSA

$ ssh-keygen -t rsa -m PEM
```

And ensure you skip the option to add a passphrase by hitting enter twice on your keyboard. You can then copy the private key into DeployHQ once it has been generated.