In the documentation, it’s described how to add keys to the container to be able to have greater control. https://circleci.com/docs/2.0/configuration-reference/#add_ssh_keys
This adds the private keys configured in the UI to filesystem.
In our organization, anyone can push on feature branches. This makes it possible for them to add the following lines to the config.yml file and dump all the private keys which were configured.
Is there a recommended flow or setup to avoid this?