Better Documentation for Fine-grained Personal Access Tokens #2361
Labels
Comments
jslay88
added
enhancement
|
Hello! Thank you for filing an issue. The maintainers will triage your issue shortly. In the meantime, please take a look at the troubleshooting guide for bug reports. If this is a feature request, please review our contribution guidelines. |
|
Agreed. Fine-grained PAT are best security practice. Please provide guidance |
|
I got a repo-level runner up and running with a fine-grained PAT. Not sure if this is the best practice, but I found that repository administration read/write was necessary and sufficient. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like added?
GitHub now supports fine-grained PAT. A guide that covers how to configure a token with LPA (least privileged access) for common scenarios would be a helpful guide.
A clear and concise description of what you want to happen.
Documentation that leverages the new fine-grained PAT, and provides sets of permissions one may use to create a fine-grained PAT for common scenarios in which one would use ARC.
Why is this needed?
Having documentation that tells users to use PAT that provide large scale permissions is not the best security approach. It is a common practice to generate tokens with LPA permissions.
A clear and concise description of any alternative solutions or features you've considered.
I am manually building my own sets of permissions at the moment for the various scenarios we use ARC in.
Additional context
Add any other context or screenshots about the feature request here.
Fine-grained PAT now allows tokens for specific repositories, with more fine grained permission controls.
The text was updated successfully, but these errors were encountered: