diff --git a/app/observers/project_observer.rb b/app/observers/project_observer.rb
index 32004503fbf..cc2a0224b72 100644
--- a/app/observers/project_observer.rb
+++ b/app/observers/project_observer.rb
@@ -15,11 +15,10 @@ class ProjectObserver < ActiveRecord::Observer
   def after_destroy(project)
     GitoliteWorker.perform_async(
       :remove_repository,
-      self.path_with_namespace
+      project.path_with_namespace
     )
 
     project.satellite.destroy
-    project.destroy_repository
 
     log_info("Project \"#{project.name}\" was removed")
   end
diff --git a/app/workers/post_receive.rb b/app/workers/post_receive.rb
index 17ccfae21ec..6e2d0e7aba2 100644
--- a/app/workers/post_receive.rb
+++ b/app/workers/post_receive.rb
@@ -27,8 +27,9 @@ class PostReceive
              User.find_by_email(email) if email
            elsif /^[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}$/.match(identifier)
              User.find_by_email(identifier)
-           else
-             User.find_by_username(identifier.strip)
+           elsif identifier =~ /key/
+             key_id = identifier.gsub("key-", "")
+             Key.find_by_id(key_id).try(:user)
            end
 
     unless user
diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index c12605841ab..576b64d04c3 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -1,23 +1,37 @@
 module Gitlab
-  # Access API
+  # Internal access API
   class Internal < Grape::API
+    namespace 'internal' do
+      #
+      # Check if ssh key has access to project code
+      #
+      get "/allowed" do
+        key = Key.find(params[:key_id])
+        user = key.user
 
-    get "/allowed" do
-      user = User.find_by_username(params[:username])
-      project = Project.find_with_namespace(params[:project])
-      action = case params[:action]
-               when 'git-upload-pack'
-                 then :download_code
-               when 'git-receive-pack'
-                 then
-                 if project.protected_branch?(params[:ref])
-                   :push_code_to_protected_branches
-                 else
-                   :push_code
+        project = Project.find_with_namespace(params[:project])
+        action = case params[:action]
+                 when 'git-upload-pack'
+                   then :download_code
+                 when 'git-receive-pack'
+                   then
+                   if project.protected_branch?(params[:ref])
+                     :push_code_to_protected_branches
+                   else
+                     :push_code
+                   end
                  end
-               end
 
-      user.can?(action, project)
+        user.can?(action, project)
+      end
+
+      #
+      # Discover user by ssh key
+      #
+      get "/discover" do
+        key = Key.find(params[:key_id])
+        present key.user, with: Entities::User
+      end
     end
   end
 end
diff --git a/spec/lib/gitolite_spec.rb b/spec/lib/shell_spec.rb
similarity index 77%
rename from spec/lib/gitolite_spec.rb
rename to spec/lib/shell_spec.rb
index 2705298876f..1c546e59235 100644
--- a/spec/lib/gitolite_spec.rb
+++ b/spec/lib/shell_spec.rb
@@ -1,16 +1,15 @@
 require 'spec_helper'
 
-describe Gitlab::Gitolite do
+describe Gitlab::Shell do
   let(:project) { double('Project', id: 7, path: 'diaspora') }
-  let(:gitolite) { Gitlab::Gitolite.new }
+  let(:gitolite) { Gitlab::Shell.new }
 
   before do
     Project.stub(find: project)
   end
 
-  it { should respond_to :set_key }
+  it { should respond_to :add_key }
   it { should respond_to :remove_key }
-
   it { should respond_to :add_repository }
   it { should respond_to :remove_repository }
 
diff --git a/spec/models/project_spec.rb b/spec/models/project_spec.rb
index 6e67ca8233d..3dccb482375 100644
--- a/spec/models/project_spec.rb
+++ b/spec/models/project_spec.rb
@@ -77,8 +77,6 @@ describe Project do
     it { should respond_to(:url_to_repo) }
     it { should respond_to(:repo_exists?) }
     it { should respond_to(:satellite) }
-    it { should respond_to(:update_repository) }
-    it { should respond_to(:destroy_repository) }
     it { should respond_to(:observe_push) }
     it { should respond_to(:update_merge_requests) }
     it { should respond_to(:execute_hooks) }
diff --git a/spec/models/protected_branch_spec.rb b/spec/models/protected_branch_spec.rb
index c4d2e2f49f5..6e830393e32 100644
--- a/spec/models/protected_branch_spec.rb
+++ b/spec/models/protected_branch_spec.rb
@@ -24,19 +24,4 @@ describe ProtectedBranch do
     it { should validate_presence_of(:project) }
     it { should validate_presence_of(:name) }
   end
-
-  describe 'Callbacks' do
-    let(:branch) { build(:protected_branch) }
-
-    it 'call update_repository after save' do
-      branch.should_receive(:update_repository)
-      branch.save
-    end
-
-    it 'call update_repository after destroy' do
-      branch.save
-      branch.should_receive(:update_repository)
-      branch.destroy
-    end
-  end
 end
diff --git a/spec/observers/key_observer_spec.rb b/spec/observers/key_observer_spec.rb
index 11f975cc57d..0a886a57afd 100644
--- a/spec/observers/key_observer_spec.rb
+++ b/spec/observers/key_observer_spec.rb
@@ -3,7 +3,7 @@ require 'spec_helper'
 describe KeyObserver do
   before do
     @key = double('Key',
-      identifier: 'admin_654654',
+      shell_id: 'key-32',
       key: '== a vaild ssh key',
       projects: [],
       is_deploy_key: false
@@ -14,14 +14,14 @@ describe KeyObserver do
 
   context :after_save do
     it do
-      GitoliteWorker.should_receive(:perform_async).with(:set_key, @key.identifier, @key.key, @key.projects.map(&:id))
+      GitoliteWorker.should_receive(:perform_async).with(:add_key, @key.shell_id, @key.key)
       @observer.after_save(@key)
     end
   end
 
   context :after_destroy do
     it do
-      GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.identifier, @key.projects.map(&:id))
+      GitoliteWorker.should_receive(:perform_async).with(:remove_key, @key.shell_id, @key.key)
       @observer.after_destroy(@key)
     end
   end
diff --git a/spec/support/stubbed_repository.rb b/spec/support/stubbed_repository.rb
index fd891b1ce14..434cab6516e 100644
--- a/spec/support/stubbed_repository.rb
+++ b/spec/support/stubbed_repository.rb
@@ -48,11 +48,11 @@ module Gitlab
       true
     end
 
-    def add_key name, key
+    def add_key id, key
       true
     end
 
-    def remove_key key
+    def remove_key id, key
       true
     end
   end
diff --git a/spec/workers/post_receive_spec.rb b/spec/workers/post_receive_spec.rb
index f408c89afdd..f1a69b1b2e4 100644
--- a/spec/workers/post_receive_spec.rb
+++ b/spec/workers/post_receive_spec.rb
@@ -11,7 +11,7 @@ describe PostReceive do
   context "web hook" do
     let(:project) { create(:project) }
     let(:key) { create(:key, user: project.owner) }
-    let(:key_id) { key.identifier }
+    let(:key_id) { key.shell_id }
 
     it "fetches the correct project" do
       Project.should_receive(:find_with_namespace).with(project.path_with_namespace).and_return(project)
@@ -19,7 +19,7 @@ describe PostReceive do
     end
 
     it "does not run if the author is not in the project" do
-      Key.stub(find_by_identifier: nil)
+      Key.stub(find_by_id: nil)
 
       project.should_not_receive(:observe_push)
       project.should_not_receive(:execute_hooks)