bot account for shared credentials

[zowoq]

Currently some tokens are linked to admins accounts, e.g. GANDI_KEY.

[zowoq]

@Mic92 @zimbatm

I was going to add admin@nix-community as a user to the gandi account for this token but using an gandi email alias to manage the gandi account seems a bit awkward.

Should we have a separate, real email account we can use for this stuff (cloudflare superadmin, gandi, etc) and forward that to the admins as well?

[zimbatm]

good idea 👍

[zowoq]

Any preferences on which service to use? Might just use gmail?

[Mic92]

no preference

[zimbatm]

I would just add a forwarding address mybotaccount@nix-community.org -> admin@community.org, and then use that to create the bot account. As long as we control the whole chain it's fine.

[zowoq]

I would just add a forwarding address mybotaccount@nix-community.org -> admin@community.org, and then use that to create the bot account. As long as we control the whole chain it's fine.

I don't understand how using two aliases like this is different from using one alias?

[Mic92]

Yeah we need a domain that is not controlled by the registrar that we are trying to login to avoid dependency cycles.

[zowoq]

https://api.gandi.net/docs/authentication/

Gandi api keys are deprecated and have been replaced by personal access tokens. The terraform provider doesn't support tokens yet so I'll leave this until it does.

[zowoq]

I thought that we had another token linked to an admins account but I can't see one in the secrets.

Closing as this seems it was only an issue with gandi.