GitHub Personal Access Token Private repo scope


I am currently trying out Netlify Functions and using the Netlify CLI to set up the CD. In the authorizing options, I picked the GitHub Personal Access Token and I want to know if the Full control of private repositories scope will include the private repos in the organization that I am a part of, as I don't want it to access the repos in the organization.


There is 1 answer

talves

The scope has a few implications and you should probably look at a user specific role for setting up access tokens without giving access to a user (yourself) as the owner of the org repositories you have.

Create a (machine) user that has access to only the one repository or repositories (private) that would limit the access to these repositories or an organization repository. Since private tokens have read/write access, this is a prudent approach to making sure you're limiting access to other repositories using the token.

If at a later time this changes on GitHub, this will no longer be needed. It is the approach I have used to limit my exposure to a leaked token or access.
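A way to check, rather than assume, what a classic token with the `repo` scope actually reaches (added example, not code from the question, the answer or Netlify): it reads the `X-OAuth-Scopes` header GitHub returns for classic PATs and lists every repository visible via `/user/repos`, separating the user's own private repos from private repos owned by organizations. The token is assumed to be in `GITHUB_TOKEN`; without it the script runs against a constructed sample listing.

```python
"""Audit what a classic GitHub PAT reaches (added example, not from the
question or answer). Set GITHUB_TOKEN to run the live check."""
import json
import os
import urllib.request

# Constructed sample of a /user/repos response (only the fields used here).
SAMPLE_REPOS = [
    {"full_name": "alice/site", "private": True, "owner": {"login": "alice", "type": "User"}},
    {"full_name": "alice/notes", "private": False, "owner": {"login": "alice", "type": "User"}},
    {"full_name": "acme-org/billing", "private": True, "owner": {"login": "acme-org", "type": "Organization"}},
]


def github_get(path, token):
    """Authenticated GET; returns (parsed JSON, X-OAuth-Scopes header)."""
    req = urllib.request.Request("https://api.github.com" + path, headers={
        "Authorization": "token " + token,
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req) as resp:
        return json.load(resp), resp.headers.get("X-OAuth-Scopes", "")


def has_full_repo_scope(scopes_header):
    """True if the classic 'repo' scope (private read/write) is on the token."""
    return "repo" in [s.strip() for s in scopes_header.split(",")]


def classify_repos(repos, login):
    """Split a /user/repos listing into the user's own private repos,
    private repos owned by organizations, and a count of public repos."""
    report = {"own_private": [], "org_private": [], "public": 0}
    for repo in repos:
        if not repo["private"]:
            report["public"] += 1
        elif repo["owner"]["type"] == "Organization" or repo["owner"]["login"] != login:
            report["org_private"].append(repo["full_name"])
        else:
            report["own_private"].append(repo["full_name"])
    return report


def audit(token):
    """Live check: every repo the token sees, owned directly or via an org."""
    user, scopes = github_get("/user", token)
    repos, _ = github_get("/user/repos?per_page=100&affiliation=owner,organization_member", token)
    report = classify_repos(repos, user["login"])
    report["full_repo_scope"] = has_full_repo_scope(scopes)
    return report


if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")
    print(json.dumps(audit(token) if token else classify_repos(SAMPLE_REPOS, "alice"), indent=2))
```

A non-empty `org_private` list is the answer to the question for that token; the live check reads only the first page of 100 repositories, so add pagination for larger accounts.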