Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature request: dual tokens #73

Open
ndroid opened this issue Aug 12, 2023 · 1 comment
Open

Feature request: dual tokens #73

ndroid opened this issue Aug 12, 2023 · 1 comment

Comments

@ndroid
Copy link

ndroid commented Aug 12, 2023

Thanks for your project.

For the use case of having separate data repository and stats repositories, it would be useful if separate tokens could be specified for the data repository and the stats repositories. Since write permissions are only necessary for the data repository, this would allow use of GITHUB_TOKEN for the data repository which would expire upon completion of the action. That way, only read permissions would need to be provided for the stats repositories in the PAT. This would be preferred to having a long-lived PAT with write permissions.

Perhaps for backwards compatibility a new input parameter could be used for specifying the data repository token which defaults to ghtoken if undefined.
@jgehrcke
Copy link
Owner

@ndroid sorry for the late response. Thank you for the lovely description. That proposal makes a lot of sense. The principle of least privilege is of course one we should enable users to apply here. Ack.

General remark: the fine-grained authorization via GitHub API tokens has evolved quite a bit since inception of this project here. I think by now the dust has indeed settled.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jgehrcke @ndroid