I've been reading the official documentation and various articles but it's unclear to me. My organization has multiple users and multiple repos. It would not be right to merely authenticate as a particular github user (Personal Access Tokens), because a colleague logging into the shared dev server could access another's private personal repos if they can authenticate as a particular github user. Having a single organization-level access key would not be right because we need to know which user pushed which commit to the repo. I need a method which says: "I am authenticating as user X for organization Y, I can do anything that user X can do for organization Y, without being able to do everything that a user X can do outside of organization Y". Which authentication method would be appropriate for this use case?
Asked
Active
Viewed 15 times
0
-
I would recommend looking at something like gogs or gitea - access is controlled using individual public SSH keys, and there's the benefit of self-hosting a github like environment if you're into that – Jaromanda X Jun 08 '23 at 22:22