8000 FR: Using a deploy key instead of OAuth token · Issue #230 · crazy-max/ghaction-github-pages · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
FR: Using a deploy key instead of OAuth token #230
Open
@jinnatar

Description

@jinnatar

Description

What

Ability to provide a repo specific deploy key which is used to push to the target branch.

Why

  • When pushing cross repo, a PAT seems to be the only option.
  • Granular PATs are narrow and secure, but enforce expiry and have no programmatic renewal or trust relationship even within GHA. This makes them Annoying and prone to keeling over without manual toil.
  • Legacy PATs can be set to not expire, but are much more powerful than is needed here.
  • A write enabled deployment key would provide granularity to just one repo but with no enforced expiry. This could hit a security sweet spot.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions

      0