This article was on the hacker news frontpage. You can find the related discussion here. Every developer needs access to some servers for example to check the application logs. Usually, this is done using public-private key encryption where each developer generates their own public-private key pair. The public keys of each developer are added to the authorized_keys file on each server they should have access to. Painful manual changes So far so good.