From f3045970707aae5c625ea6da299a9161fd090dc7 Mon Sep 17 00:00:00 2001
From: continuist <continuist02@gmail.com>
Date: Sun, 29 Jun 2025 15:11:17 -0400
Subject: [PATCH] Clarify who is running this command

---
 CI_CD_PIPELINE_SETUP_GUIDE.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CI_CD_PIPELINE_SETUP_GUIDE.md b/CI_CD_PIPELINE_SETUP_GUIDE.md
index ba88750..69a576d 100644
--- a/CI_CD_PIPELINE_SETUP_GUIDE.md
+++ b/CI_CD_PIPELINE_SETUP_GUIDE.md
@@ -835,10 +835,19 @@ sudo systemctl restart docker
 
 #### 6.1 Generate SSH Key Pair
 
+**Important**: Run this command as the **DEPLOY_USER** (not root or SERVICE_USER). The DEPLOY_USER is responsible for deployment orchestration and SSH communication with the production server.
+
 ```bash
 ssh-keygen -t ed25519 -C "ci-cd-server" -f ~/.ssh/id_ed25519 -N ""
 ```
 
+**What this does**: 
+- Creates an SSH key pair for secure communication between CI/CD and production servers
+- The DEPLOY_USER uses this key to SSH to the production server for deployments
+- The key is stored in the DEPLOY_USER's home directory for security
+
+**Security Note**: The DEPLOY_USER handles deployment orchestration, while the SERVICE_USER runs the actual CI pipeline. This separation provides better security through the principle of least privilege.
+
 #### 6.2 Create SSH Config
 
 ```bash