[almighty] Almighty Build Service and Private repositories
Max Rydahl Andersen
manderse at redhat.com
Fri Oct 28 08:02:14 UTC 2016
>> Got it - I was looking under my own personal ssh keys, and
>> expecting
>> deploy keys to
>> be what I would manage - but instead it is per repo thus you'll have
>> to
>> set the deploy key multiple times if need be.
> And I see it as a feature because it gives you granular control and
> bigger security if you use different keys for different repositories.
Agree.
>> Makes sense - and now I got it :)
>>
>> And now I grok that the interesting part is that the public key on
>> GitHub is not a private thing
>> but almighty need to somehow give the build service access to the
>> private key before we can
>> even look into the repo.
> Yes, Almighty will generate private/public key pair, set up public one
> as read-only deploy key on github and gives private key to Build
> Provider to clone the repository.
Does upload of key not imply you have granted Almighty system account
100% access to
your GitHub settings ?
That might be a permission we only want to ask for temporarily if GitHub
even
allow such access.
/max
http://about.me/maxandersen
More information about the almighty-public
mailing list