Skip to content

📝 Add fine-grained tokens #1290

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 16, 2024
Merged

📝 Add fine-grained tokens #1290

merged 2 commits into from
May 16, 2024

Conversation

@coyotte508
Copy link
Member

@coyotte508 coyotte508 commented May 16, 2024

cc @philschmid (recent convo with cloudflare) @Pierrci too

@HuggingFaceDocBuilderDev
Copy link

HuggingFaceDocBuilderDev commented May 16, 2024

The docs for this PR live here. All of your documentation changes will be reflected on that endpoint. The docs are available until 30 days after the last update.

osanseviero
osanseviero approved these changes May 16, 2024
View reviewed changes
Copy link
Contributor

@osanseviero osanseviero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice 🔥

pcuenca
pcuenca approved these changes May 16, 2024
View reviewed changes
Copy link
Member

@pcuenca pcuenca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very cool!

@coyotte508 @osanseviero
Apply suggestions from code review
125bbf6 
Co-authored-by: Omar Sanseviero <osanseviero@gmail.com>
@coyotte508 coyotte508 merged commit 5ef8144 into main May 16, 2024
@coyotte508 coyotte508 deleted the finegrained-tokens branch May 16, 2024 16:18
Pierrci
Pierrci reviewed May 16, 2024
View reviewed changes
docs/hub/security-tokens.md
We also recommend only giving the appropriate role to each token you create. If you only need read access (e.g., loading a dataset with the `datasets` library or retrieving the weights of a model), only give your access token the `read` role.
We also recommend only using fine-grained tokens for production usage. The impact, if leaked, will be reduced, and they can be shared among your organization without impacting your account.

For example, if your production application needs read access to a gated model, a member of your organization can request access to the model and then create a fine-grained token with read access to that model. This token can then be used in your production application without giving it access to all your private models.
Copy link
Member

@Pierrci Pierrci May 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔥

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Pierrci Pierrci Pierrci left review comments

@julien-c julien-c julien-c approved these changes

@pcuenca pcuenca pcuenca approved these changes

@SBrandeis SBrandeis Awaiting requested review from SBrandeis

@Michellehbn Michellehbn Awaiting requested review from Michellehbn

+1 more reviewer

@osanseviero osanseviero osanseviero approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@coyotte508 @HuggingFaceDocBuilderDev @julien-c @pcuenca @Pierrci @osanseviero