diff --git a/tests/test_pagure_flask_ui_repo.py b/tests/test_pagure_flask_ui_repo.py
index b52c9a8..68f0902 100644
--- a/tests/test_pagure_flask_ui_repo.py
+++ b/tests/test_pagure_flask_ui_repo.py
@@ -110,6 +110,109 @@ class PagureFlaskRepotests(tests.Modeltests):
 
 
     @patch('pagure.ui.repo.admin_session_timedout')
+    def test_add_deploykey(self, ast):
+        """ Test the add_deploykey endpoint. """
+        ast.return_value = False
+
+        # No git repo
+        output = self.app.get('/foo/adddeploykey')
+        self.assertEqual(output.status_code, 404)
+
+        tests.create_projects(self.session)
+        tests.create_projects_git(self.path)
+
+        # User not logged in
+        output = self.app.get('/test/adddeploykey')
+        self.assertEqual(output.status_code, 302)
+
+        user = tests.FakeUser()
+        with tests.user_set(pagure.APP, user):
+            output = self.app.get('/test/adddeploykey')
+            self.assertEqual(output.status_code, 403)
+
+            ast.return_value = True
+            output = self.app.get('/test/adddeploykey')
+            self.assertEqual(output.status_code, 302)
+
+            # Redirect also happens for POST request
+            output = self.app.post('/test/adddeploykey')
+            self.assertEqual(output.status_code, 302)
+
+        # Need to do this un-authentified since our fake user isn't in the DB
+        # Check the message flashed during the redirect
+        output = self.app.get('/')
+        self.assertEqual(output.status_code, 200)
+        self.assertIn(
+            '</button>\n                      Action canceled, try it '
+            'again',output.data)
+
+        ast.return_value = False
+
+        user.username = 'pingou'
+        with tests.user_set(pagure.APP, user):
+            output = self.app.get('/test/adddeploykey')
+            self.assertEqual(output.status_code, 200)
+            self.assertIn('<strong>Add deploy key to the', output.data)
+
+            csrf_token = output.data.split(
+                'name="csrf_token" type="hidden" value="')[1].split('">')[0]
+
+            data = {
+                'ssh_key': 'asdf',
+                'pushaccess': 'false'
+            }
+
+            # No CSRF token
+            output = self.app.post('/test/adddeploykey', data=data)
+            self.assertEqual(output.status_code, 200)
+            self.assertTrue('<strong>Add deploy key to the' in output.data)
+
+            data['csrf_token'] = csrf_token
+
+            # First, invalid SSH key
+            output = self.app.post('/test/adddeploykey', data=data)
+            self.assertEqual(output.status_code, 200)
+            self.assertIn('<strong>Add deploy key to the', output.data)
+            self.assertIn('Deploy key invalid', output.data)
+
+            # Next up, multiple SSH keys
+            data['ssh_key'] = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAzBMSIlvPRaEiLOTVInErkRIw9CzQQcnslDekAn1jFnGf+SNa1acvbTiATbCX71AA03giKrPxPH79dxcC7aDXerc6zRcKjJs6MAL9PrCjnbyxCKXRNNZU5U9X/DLaaL1b3caB+WD6OoorhS3LTEtKPX8xyjOzhf3OQSzNjhJp5Q==\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAzBMSIlvPRaEiLOTVInErkRIw9CzQQcnslDekAn1jFnGf+SNa1acvbTiATbCX71AA03giKrPxPH79dxcC7aDXerc6zRcKjJs6MAL9PrCjnbyxCKXRNNZU5U9X/DLaaL1b3caB+WD6OoorhS3LTEtKPX8xyjOzhf3OQSzNjhJp5Q=='
+            output = self.app.post(
+                '/test/adddeploykey', data=data, follow_redirects=True)
+            self.assertEqual(output.status_code, 200)
+            self.assertIn('Deploy key can only be single keys.', output.data)
+
+            # Now, a valid SSH key
+            data['ssh_key'] = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAzBMSIlvPRaEiLOTVInErkRIw9CzQQcnslDekAn1jFnGf+SNa1acvbTiATbCX71AA03giKrPxPH79dxcC7aDXerc6zRcKjJs6MAL9PrCjnbyxCKXRNNZU5U9X/DLaaL1b3caB+WD6OoorhS3LTEtKPX8xyjOzhf3OQSzNjhJp5Q=='
+            output = self.app.post(
+                '/test/adddeploykey', data=data, follow_redirects=True)
+            self.assertEqual(output.status_code, 200)
+            self.assertIn(
+                '<title>Settings - test - Pagure</title>', output.data)
+            self.assertIn('<h3>Settings for test</h3>', output.data)
+            self.assertIn('Deploy key added', output.data)
+            self.assertNotIn('PUSH ACCESS', output.data)
+
+            # And now, adding the same key
+            output = self.app.post(
+                '/test/adddeploykey', data=data, follow_redirects=True)
+            self.assertEqual(output.status_code, 200)
+            self.assertIn('Deploy key already exists', output.data)
+
+            # And next, a key with push access
+            data['ssh_key'] = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC9Xwc2RDzPBhlEDARfHldGjudIVoa04tqT1JVKGQmyllTFz7Rb8CngQL3e7zyNzotnhwYKHdoiLlPkVEiDee4dWMUe48ilqId+FJZQGhyv8fu4BoFdE1AJUVylzmltbLg14VqG5gjTpXgtlrEva9arKwBMHJjRYc8ScaSn3OgyQw=='
+            data['pushaccess'] = 'true'
+            output = self.app.post(
+                '/test/adddeploykey', data=data, follow_redirects=True)
+            self.assertEqual(output.status_code, 200)
+            self.assertIn(
+                '<title>Settings - test - Pagure</title>', output.data)
+            self.assertIn('<h3>Settings for test</h3>', output.data)
+            self.assertIn('Deploy key added', output.data)
+            self.assertIn('PUSH ACCESS', output.data)
+
+
+    @patch('pagure.ui.repo.admin_session_timedout')
     def test_add_user(self, ast):
         """ Test the add_user endpoint. """
         ast.return_value = False
@@ -386,6 +489,82 @@ class PagureFlaskRepotests(tests.Modeltests):
 
 
     @patch('pagure.ui.repo.admin_session_timedout')
+    def test_remove_deploykey(self, ast):
+        """ Test the remove_deploykey endpoint. """
+        ast.return_value = False
+
+        # Git repo not found
+        output = self.app.post('/foo/dropdeploykey/1')
+        self.assertEqual(output.status_code, 404)
+
+        user = tests.FakeUser()
+        with tests.user_set(pagure.APP, user):
+            output = self.app.post('/foo/dropdeploykey/1')
+            self.assertEqual(output.status_code, 404)
+
+            tests.create_projects(self.session)
+            tests.create_projects_git(self.path)
+
+            output = self.app.post('/test/dropdeploykey/1')
+            self.assertEqual(output.status_code, 403)
+
+            ast.return_value = True
+            output = self.app.post('/test/dropdeploykey/1')
+            self.assertEqual(output.status_code, 302)
+            ast.return_value = False
+
+        # User not logged in
+        output = self.app.post('/test/dropdeploykey/1')
+        self.assertEqual(output.status_code, 302)
+
+        user.username = 'pingou'
+        with tests.user_set(pagure.APP, user):
+            output = self.app.post('/test/settings')
+
+            csrf_token = output.data.split(
+                'name="csrf_token" type="hidden" value="')[1].split('">')[0]
+
+            data = {'csrf_token': csrf_token}
+
+            output = self.app.post(
+                '/test/dropdeploykey/1', data=data, follow_redirects=True)
+            self.assertEqual(output.status_code, 200)
+            self.assertIn(
+                '<title>Settings - test - Pagure</title>', output.data)
+            self.assertIn('<h3>Settings for test</h3>', output.data)
+            self.assertIn('Deploy key does not exist in project', output.data)
+
+        # Add a deploy key to a project
+        repo = pagure.lib.get_project(self.session, 'test')
+        msg = pagure.lib.add_deploykey_to_project(
+            session=self.session,
+            project=repo,
+            ssh_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAzBMSIlvPRaEiLOTVInErkRIw9CzQQcnslDekAn1jFnGf+SNa1acvbTiATbCX71AA03giKrPxPH79dxcC7aDXerc6zRcKjJs6MAL9PrCjnbyxCKXRNNZU5U9X/DLaaL1b3caB+WD6OoorhS3LTEtKPX8xyjOzhf3OQSzNjhJp5Q==',
+            pushaccess=True,
+            user='pingou',
+        )
+        self.session.commit()
+        self.assertEqual(msg, 'Deploy key added')
+
+        with tests.user_set(pagure.APP, user):
+            output = self.app.post('/test/dropdeploykey/1', follow_redirects=True)
+            self.assertEqual(output.status_code, 200)
+            self.assertIn(
+                '<title>Settings - test - Pagure</title>', output.data)
+            self.assertIn('<h3>Settings for test</h3>', output.data)
+            self.assertNotIn('Deploy key removed', output.data)
+
+            data = {'csrf_token': csrf_token}
+            output = self.app.post(
+                '/test/dropdeploykey/1', data=data, follow_redirects=True)
+            self.assertEqual(output.status_code, 200)
+            self.assertIn(
+                '<title>Settings - test - Pagure</title>', output.data)
+            self.assertIn('<h3>Settings for test</h3>', output.data)
+            self.assertIn('Deploy key removed', output.data)
+
+
+    @patch('pagure.ui.repo.admin_session_timedout')
     def test_remove_user(self, ast):
         """ Test the remove_user endpoint. """
         ast.return_value = False
diff --git a/tests/test_pagure_lib_git.py b/tests/test_pagure_lib_git.py
index 9638b27..3512d7b 100644
--- a/tests/test_pagure_lib_git.py
+++ b/tests/test_pagure_lib_git.py
@@ -149,6 +149,122 @@ repo requests/forks/pingou/test3
         os.unlink(outputconf)
         self.assertFalse(os.path.exists(outputconf))
 
+    def test_write_gitolite_acls_deploykeys(self):
+        """ Test write_gitolite_acls function to add deploy keys. """
+        tests.create_projects(self.session)
+
+        repo = pagure.lib.get_project(self.session, 'test')
+        # Add two deploy keys (one readonly one push)
+        msg1 = pagure.lib.add_deploykey_to_project(
+            session=self.session,
+            project=repo,
+            ssh_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDAzBMSIlvPRaEiLOTVInErkRIw9CzQQcnslDekAn1jFnGf+SNa1acvbTiATbCX71AA03giKrPxPH79dxcC7aDXerc6zRcKjJs6MAL9PrCjnbyxCKXRNNZU5U9X/DLaaL1b3caB+WD6OoorhS3LTEtKPX8xyjOzhf3OQSzNjhJp5Q==',
+            pushaccess=False,
+            user='pingou'
+        )
+        msg2 = pagure.lib.add_deploykey_to_project(
+            session=self.session,
+            project=repo,
+            ssh_key='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC9Xwc2RDzPBhlEDARfHldGjudIVoa04tqT1JVKGQmyllTFz7Rb8CngQL3e7zyNzotnhwYKHdoiLlPkVEiDee4dWMUe48ilqId+FJZQGhyv8fu4BoFdE1AJUVylzmltbLg14VqG5gjTpXgtlrEva9arKwBMHJjRYc8ScaSn3OgyQw==',
+            pushaccess=True,
+            user='pingou'
+        )
+        self.session.commit()
+        self.assertEqual(msg1, 'Deploy key added')
+        self.assertEqual(msg2, 'Deploy key added')
+        # Add a forked project
+        item = pagure.lib.model.Project(
+            user_id=1,  # pingou
+            name='test3',
+            description='test project #2',
+            is_fork=True,
+            parent_id=1,
+            hook_token='aaabbbvvv',
+        )
+        self.session.add(item)
+        self.session.commit()
+
+        outputconf = os.path.join(self.path, 'test_gitolite.conf')
+
+        pagure.lib.git.write_gitolite_acls(self.session, outputconf)
+
+        self.assertTrue(os.path.exists(outputconf))
+
+        with open(outputconf) as stream:
+            data = stream.read()
+
+        exp = """
+repo test
+  R   = @all
+  RW+ = pingou
+  R = deploykey_test_1
+  RW+ = deploykey_test_2
+
+repo docs/test
+  R   = @all
+  RW+ = pingou
+  R = deploykey_test_1
+  RW+ = deploykey_test_2
+
+repo tickets/test
+  RW+ = pingou
+  R = deploykey_test_1
+  RW+ = deploykey_test_2
+
+repo requests/test
+  RW+ = pingou
+  R = deploykey_test_1
+  RW+ = deploykey_test_2
+
+repo test2
+  R   = @all
+  RW+ = pingou
+
+repo docs/test2
+  R   = @all
+  RW+ = pingou
+
+repo tickets/test2
+  RW+ = pingou
+
+repo requests/test2
+  RW+ = pingou
+
+repo somenamespace/test3
+  R   = @all
+  RW+ = pingou
+
+repo docs/somenamespace/test3
+  R   = @all
+  RW+ = pingou
+
+repo tickets/somenamespace/test3
+  RW+ = pingou
+
+repo requests/somenamespace/test3
+  RW+ = pingou
+
+repo forks/pingou/test3
+  R   = @all
+  RW+ = pingou
+
+repo docs/forks/pingou/test3
+  R   = @all
+  RW+ = pingou
+
+repo tickets/forks/pingou/test3
+  RW+ = pingou
+
+repo requests/forks/pingou/test3
+  RW+ = pingou
+
+"""
+        #print data
+        self.assertEqual(data, exp)
+
+        os.unlink(outputconf)
+        self.assertFalse(os.path.exists(outputconf))
+
     def test_write_gitolite_acls_groups(self):
         """ Test the write_gitolite_acls function of pagure.lib.git with
         groups.