Is your feature request related to a problem?
Using a Personal Access Token (PAT) with repo rights to deploy the Homebrew taps is a security concern, see #2026
Describe the solution you'd like
Since GitHub does not allow creating PATs that are restricted to a few repositories, but allows adding Deploy Keys to specific repositories, it might be interesting to have a way to provide an SSH Deploy Key instead of a Token for Homebrew deployment, as was proposed in #1643 and for the same reasons.
Describe alternatives you've considered
We can use Machine User accounts to work around the security issue, but it adds a significant extra burden (with the need to create and secure an extra account).
We can use a very hackish way using GitHub Apps Installation tokens, since these can be restricted to specific repos, it appears.
Additional context
I'll open a discussion on the topic shortly.
Yes, but the issue is that PA Tokens are too difficult to "restrict" in scope to a single repo, whereas Deploy Keys are highly specific to a repo and thus super useful for deployment.