fix: allow members to use SSH keys for deployments without full access #4168

Merged
Siumauricio merged 1 commit into canary from fix/ssh-key-member-access
Apr 6, 2026

Siumauricio commented Apr 6, 2026

What is this PR about?

Members couldn't use admin-managed SSH keys for git-based deployments without having Access to SSH Keys permission, which also exposed the SSH Keys management panel. This was a regression introduced in v0.28.7 with the new RBAC system.

Added a new allForApps endpoint in the SSH key router that uses protectedProcedure (authenticated only, no permission check) and returns only sshKeyId and name. The git provider dropdowns now use this endpoint instead of all, so members can select SSH keys for their apps without needing access to the SSH Keys management panel.

Checklist

  • You created a dedicated branch based on the canary branch.
  • You have read the suggestions in the CONTRIBUTING.md file https://github.com/Dokploy/dokploy/blob/canary/CONTRIBUTING.md#pull-request
  • You have tested this PR in your local instance. If you have not tested it yet, please do so before submitting. This helps avoid wasting maintainers' time reviewing code that has not been verified by you.

Issues related (if applicable)

closes #4069

Screenshots (if applicable)

N/A

Greptile Summary

Adds a new allForApps tRPC endpoint on the SSH key router using protectedProcedure (authentication only, no permission check) that returns only sshKeyId and name, scoped to the caller's active organization. Both git-provider dropdowns switch from sshKey.all to sshKey.allForApps, restoring the ability for members to select SSH keys for deployments without the SSH Keys management permission.

Confidence Score: 5/5

This PR is safe to merge — the fix is minimal, correct, and does not expose any sensitive SSH key material.

The new endpoint is properly scoped by organizationId (matching the existing all endpoint pattern), returns only non-sensitive fields (id and name, no private key material), and requires authentication via protectedProcedure. No P0 or P1 issues found.

No files require special attention.

Reviews (1): Last reviewed commit: "fix: allow members to use SSH keys for d..."

…ey access

Add allForApps endpoint that returns only sshKeyId and name using protectedProcedure instead of withPermission, so members can select SSH keys in the git provider dropdown without needing access to the SSH Keys management panel.

closes #4069
dosubot (bot) added the size:S label Apr 6, 2026
Siumauricio merged commit 4a1b428 into canary Apr 6, 2026
5 checks passed
Siumauricio deleted the fix/ssh-key-member-access branch April 6, 2026 00:17
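
The access split this PR describes, modelled with plain TypeScript functions as an added example (not Dokploy's code and not part of the PR): a permission-gated management listing beside an authentication-only listing that filters by active organization and projects only `sshKeyId` and `name`. The `Session` and row shapes, the `privateKey` column name, the sample rows and the `unexpectedFields` helper are assumptions made for the illustration.

```typescript
// Added example: plain functions standing in for the tRPC procedures on this page.
// Row shape, Session shape and sample data are assumptions, not Dokploy's schema.
interface SshKeyRow {
  sshKeyId: string;
  name: string;
  privateKey: string; // sensitive; must never reach the dropdown
  organizationId: string;
}

interface Session {
  userId: string;
  activeOrganizationId: string;
  canAccessSSHKeys: boolean; // models the "Access to SSH Keys" permission
}

type SshKeyOption = Pick<SshKeyRow, "sshKeyId" | "name">;

// Constructed sample rows: two keys in org-a, one in org-b.
const rows: SshKeyRow[] = [
  { sshKeyId: "k1", name: "deploy-main", privateKey: "CONSTRUCTED-PRIVATE-1", organizationId: "org-a" },
  { sshKeyId: "k2", name: "deploy-docs", privateKey: "CONSTRUCTED-PRIVATE-2", organizationId: "org-a" },
  { sshKeyId: "k3", name: "other-tenant", privateKey: "CONSTRUCTED-PRIVATE-3", organizationId: "org-b" },
];

function requireSession(session: Session | null): Session {
  if (session === null) throw new Error("UNAUTHORIZED");
  return session;
}

// Management listing: permission-gated; in this model it returns the stored rows.
function all(session: Session | null, table: SshKeyRow[]): SshKeyRow[] {
  const s = requireSession(session);
  if (!s.canAccessSSHKeys) throw new Error("FORBIDDEN");
  return table.filter((r) => r.organizationId === s.activeOrganizationId);
}

// Dropdown listing: authentication only, same org filter, explicit two-field projection.
function allForApps(session: Session | null, table: SshKeyRow[]): SshKeyOption[] {
  const s = requireSession(session);
  return table
    .filter((r) => r.organizationId === s.activeOrganizationId)
    .map((r) => ({ sshKeyId: r.sshKeyId, name: r.name }));
}

// Regression check: names of any fields outside the allowlist in a response.
function unexpectedFields(result: object[], allowed: string[]): string[] {
  const extra = new Set<string>();
  for (const item of result) {
    for (const key of Object.keys(item)) if (allowed.indexOf(key) === -1) extra.add(key);
  }
  return Array.from(extra).sort();
}
```

Running `unexpectedFields` against the real endpoint's response in an integration test catches a later change that widens the projection, for example by returning the whole row.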

Labels

size:S This PR changes 10-29 lines, ignoring generated files.

Development

Successfully merging this pull request may close these issues.

Users cannot use admin-managed global SSH keys without "Access to SSH Keys" permission since v0.28.7
