GitHub 个人访问令牌私人回购 scope
[英]GitHub Personal Access Token Private repo scope
问题描述
I am currently trying out Netlify function and using Netlify-cli to setup the CD.
我目前正在试用 Netlify function 并使用 Netlify-cli 设置 CD。 In the authorizing options, I picked the GitHub Personal Access Token and I want to know if the Full control of private repositories scope will include the private repos in the organization that I am apart of as I don't want it to access the repos in the organization.在授权选项中,我选择了 GitHub 个人访问令牌,我想知道Full control of private repositories是否将包括我所在的组织中的私有存储库,因为我不希望它访问存储库该组织。
1 个解决方案
解决方案1
0 2021-06-09 18:13:22
The scope has a few implications and you should probably look at a user specific role for setting up access tokens without giving access to a user (yourself) as the owner of the org repositories you have. scope 有一些含义,您可能应该查看用于设置访问令牌的用户特定角色,而不授予用户(您自己)作为您拥有的组织存储库的所有者的访问权限。
Create a (machine) user that has access to only the one repository or repositories (private) that would limit the access to these repositories or an organization repository.创建一个(机器)用户,该用户只能访问一个或多个存储库(私有),这将限制对这些存储库或组织存储库的访问。 Since private tokens have read/write access this is a prudent approach to making sure you're limiting access to other repositories using the token.由于私有令牌具有读/写访问权限,因此这是一种谨慎的方法,可确保您使用该令牌限制对其他存储库的访问。
If at a later time this changes on Github, this will no longer be needed.如果稍后在 Github 上发生更改,则不再需要此设置。 It is the approach I have used to limit my exposure to a leaked token or access.这是我用来限制暴露于泄露的令牌或访问权限的方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.