Servers & SSH Keys

SSH keys

SSH keys are the credentials SculptOps uses to connect to your servers. They are stored encrypted in the database using AES-256-GCM; only encrypted material is persisted.

Adding an existing key

Go to Settings - SSH Keys - Add key. Paste your PEM-encoded private key and add an optional passphrase if the key is passphrase-protected.

Generating a new key pair

Click Generate key pair. SculptOps stores the private key encrypted and shows the public key once so you can install it on your target servers.

# Add to authorized_keys on a target server
echo "ssh-ed25519 AAAA...your-pubkey...== sculptops" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Key usage in executions

During a run, SculptOps decrypts the selected key only for the execution and makes it available to the isolated Ansible container. Temporary execution files are cleaned up when the run finishes.

Servers

A server entry stores connection metadata for a single host. Servers are independent of inventories; the same server can appear in multiple inventories.

Server fields

• NameA human-readable label.
• HostIP address or hostname.
• PortSSH port.
• UserSSH login username.
• SSH KeySelect from your stored keys.
• TagsOptional labels for filtering.
• NotesFree-text field for internal documentation.

Testing connectivity

Use the Test connection button on any server to verify SSH access before adding it to inventories or schedules.

Rotating SSH keys

To rotate a key without disrupting running playbooks:

1. Generate or import a new SSH key in SculptOps.
2. Add the new public key to target servers while keeping the old key active.
3. Update each server entry in SculptOps to use the new key.
4. Test connectivity for each server.
5. Remove the old public key from target servers.
6. Delete the old key from SculptOps.