PATs are the bane of my existence, and they are no end of problems #184319
Replies: 2 comments
-
|
For ghcr in kubernetes use a github app with a cronjob that refreshes the image pull secret before token expires. |
Beta Was this translation helpful? Give feedback.
-
|
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Question
Body
How do people handle PATs for service accounts or other machine purposes?
Yes I know about generating tokens from apps. That's fine, but it's not supported in all use cases.
Here are a few that are particularly irksome:
How are people dealing with this in the real world? I've seen suggestions we need to dedicate an entire paid seat to just holding on to service-account PATs, but even so, some of these PATs are not the easiest to rotate (eg: things that end up as secrets or such in kubernetes).
What is github expecting us to do here? And this is before the disaster that's classic vs fine grained.
Beta Was this translation helpful? Give feedback.
All reactions