diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml
index 18e9f53..c1ebb95 100644
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -29,6 +29,8 @@ jobs:
       KEEP_N: "5"
       HEALTH_URL: https://stellaamor.com/
       SERVICE_RELOAD: "systemctl reload apache2 || true"
+      SSH_KEY_PATH: /home/gitea-runner/.ssh/id_ed25519
+
     steps:
       - name: Checkout (pure git)
@@ -38,39 +40,6 @@ jobs:
           git fetch --depth=1 origin "$GITHUB_SHA"
           git checkout -q "$GITHUB_SHA"
-      - name: Prepare isolated SSH dir
-        run: |
-          set -e
-          SSH_DIR="$(mktemp -d)"
-          echo "SSH_DIR=$SSH_DIR" >> $GITHUB_ENV
-          echo "SSH_KEY_PATH=$SSH_DIR/key" >> $GITHUB_ENV
-          install -m 700 -d "$SSH_DIR"
-      - name: Write SSH key
-        env:
-          SSH_KEY_STELLAAMOR: ${{ secrets.SSH_KEY_STELLAAMOR }}
-        run: |
-          set -e
-          umask 177
-          printf '%s' "$SSH_KEY_STELLAAMOR" > "$SSH_KEY_PATH"
-          chmod 600 "$SSH_KEY_PATH"
-      - name: Validate private key & show fingerprint
-        run: |
-          set -euo pipefail
-          ls -l ~/.ssh
-          # Check permissions
-          test -f ~/.ssh/deploy_stellaamor && chmod 600 ~/.ssh/deploy_stellaamor
-          # Fail if the key is passphrase-protected (ssh-keygen -y would prompt/fail)
-          if ! PUB=$(ssh-keygen -y -f ~/.ssh/deploy_stellaamor 2>/dev/null); then
-            echo "❌ The private key appears to be passphrase-protected or invalid."
-            exit 1
-          fi
-          echo "$PUB" > ~/.ssh/deploy_stellaamor.pub
-          ssh-keygen -lf ~/.ssh/deploy_stellaamor.pub
-
-
       - name: SSH smoke test
         run: ssh $SSH_OPTS -i "$SSH_KEY_PATH" ${SSH_USER}@${SSH_HOST} true
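Review bot: The new `SSH_KEY_PATH: /home/gitea-runner/.ssh/id_ed25519` in the first hunk points at a file that nothing in the workflow now checks, because the second hunk removes the steps that created the key from `secrets.SSH_KEY_STELLAAMOR` and validated it, and the removed validation step was reading `~/.ssh/deploy_stellaamor` rather than `$SSH_KEY_PATH` in any case. If the file is missing, world-readable, or passphrase-protected, the first failure will be an opaque one from the `SSH smoke test` step rather than a message naming the cause, so a short preflight step before the smoke test would keep the diagnostics the old `Validate private key & show fingerprint` step provided. Since the key is now a long-lived file on the runner host instead of per-job material in a `mktemp -d` directory, it is presumably readable by every job that runs on that runner; if the runner is shared between repositories, that is worth a comment next to the new env entry, e.g. `# persistent deploy key provisioned on the runner host; not sourced from repository secrets`. For consistency with the other quoted env values in this block, the path could be written as `SSH_KEY_PATH: "/home/gitea-runner/.ssh/id_ed25519"`. The `steps:` list continues past the end of the second hunk.
```yaml
      - name: Check deploy key
        run: |
          set -euo pipefail
          test -f "$SSH_KEY_PATH" || { echo "deploy key not found at $SSH_KEY_PATH"; exit 1; }
          test "$(stat -c '%a' "$SSH_KEY_PATH")" = "600" || { echo "deploy key must be mode 600"; exit 1; }
          # ssh-keygen -y fails without a tty when the key is passphrase-protected
          ssh-keygen -y -f "$SSH_KEY_PATH" >/dev/null
          ssh-keygen -lf "$SSH_KEY_PATH"
      # … unchanged: SSH smoke test step …
```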