Investigated this further, and found that per-project deploy keys are inherently flawed. For instance, if the project has private submodules linking to other projects, there is no way to use deploy keys to checkout the project as the key does not have permission to access other projects.

Considering that this added extra concepts without much benefits, I am closing it.

I know this is from 4 years ago, but has the idea of per-project deploy keys ever come up again?

There are instances where you want to have a sshkey only to have access to a project to read or write.

Right now, you have to create a user with an email and add an sshkey for each project.

How about using access token for deployment? It is now possible to generate access token for certain project.

Thanks @robin I'm going to try it out, but I noticed there is no documentation about personal tokens at all?

Access token can be managed like below:

Thanks, I figured it out before you posted this. I guess there will be documentation about this eventually?

Added to my task list for documenting this.