Can we hide the SSH keys on the website?

I found out that anyone can see my SSH keys in the subdirectory of GitLab at “api/v4/users/…/keys”, where “…” is my username. So my question is: can we hide this information without affecting the use of the SSH keys?

All they can see is the public key, and with that on its own they cannot do anything. An SSH key has two parts, private and public. Let’s use an RSA key as an example: you therefore have an id_rsa file and an id_rsa.pub file.

The id_rsa.pub is what you put on servers that you want to connect to, and this is what is normally in your GitLab profile. The id_rsa private key is the one you never show anyone. If anyone sees or has access to this, then they can connect to servers as you. If this private key is compromised or stolen, then you need to delete it and stop using it, removing the public key from profiles and servers that you connect to.

Therefore, hiding the public key part doesn’t really do anything for you; it doesn’t compromise your security. The private key, however, will compromise it.
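As an added illustration (not code from this thread or from GitLab), the Python sketch below decodes public key lines of the kind found in an id_rsa.pub file, showing that they hold only the key type and public values, and uses their SHA256 fingerprints to pick out which listed keys to remove after a private key is compromised. The function names and the two sample keys are constructed for the example and are not real keys.

```python
import base64
import hashlib

def wire(*fields):
    """Encode fields as SSH length-prefixed strings (used to build the samples)."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def fields_of(blob):
    """Split a decoded public key blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 > len(blob) or pos + 4 + n > len(blob):
            raise ValueError("truncated public key blob")
        out.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return out

def describe_public_key(line):
    """Return (key type, bit size, SHA256 fingerprint) for one .pub line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields = fields_of(blob)
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type does not match the encoded blob")
    bits = None
    if parts[0] == "ssh-rsa" and len(fields) == 3:
        # Fields are: type, public exponent e, modulus n. Nothing private.
        bits = int.from_bytes(fields[2], "big").bit_length()
    elif parts[0] == "ssh-ed25519" and len(fields) == 2:
        bits = 256  # a single 32-byte public point
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return parts[0], bits, fingerprint

def keys_to_revoke(listed_lines, compromised_fp):
    """Select the listed public keys whose fingerprint matches a compromised key."""
    return [l for l in listed_lines if describe_public_key(l)[2] == compromised_fp]

# Constructed sample keys: arbitrary bytes in the right layout, not usable keys.
SAMPLE_ED = "ssh-ed25519 %s laptop" % base64.b64encode(
    wire(b"ssh-ed25519", bytes(range(32)))).decode()
SAMPLE_RSA = "ssh-rsa %s server" % base64.b64encode(
    wire(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256)).decode()

if __name__ == "__main__":
    for sample in (SAMPLE_ED, SAMPLE_RSA):
        print(describe_public_key(sample))
```

The fingerprint is the same unpadded base64 SHA256 form that `ssh-keygen -l` prints, so it can be compared against the fingerprint of a local key file.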

Thanks for your reply!

By the way, security considerations aside, can we just close this website so that others cannot see even the public key?

Perhaps open an issue here and ask GitLab if they can do it: Issues · GitLab.org / GitLab · GitLab

I expect there is a reason it is like that. I don’t work for GitLab, so I cannot tell you why.