Every developer needs access to some servers for example to check the application logs. Usually, this is done using public-private key encryption where each developer generates their own public-private key pair. The public keys of each developer are added to the authorized_keys file on each server they should have access to. Painful manual changes So far so good. However, what happens when one developer leaves the company? In that case, the public keys of that developer should be removed from all servers.