I have a private project on gitlab.com and it has lots of “Publicly accessible deploy keys” that I didn’t add. I googled this problem but there is only one reference:
These are some of the keys:
Rewind
CFMM Ansible Deployment
LRM Puppet Test
gitlab-runner (lion)
deploy@jasmine
deployer@stridsberg.nu
test-server
gitlab-runner
kijkmijnhuis@SensioLabsInsight
What are they doing there?
I guess this is it:
https://docs.gitlab.com/ce/ssh/README.html#global-shared-deploy-keys
Global Shared Deploy keys allow read-only or read-write (if enabled) access to be configured on any repository in the entire GitLab installation. [emphasis mine]
I wonder why they are there though.
I have the same question. It’s quite worrying, is our private repo exposed to some public services?
Have you found out more about this? Actually it seems that you have to enable them first. So by default, they are disabled.