This message was deleted.
# general
s
This message was deleted.
b
i ended up using a personal token for ci/cd as well. would be nice to have team managed tokens
w
Yes - creating a “bot” user for this is a pretty standard approach. That user can then be given appropriate permissions and you can use tokens for that not user in CI. For example we use https://github.com/pulumi-bot ourselves. We have thought about adding “service tokens” separate from users, but these need to have most of the capabilities of users (RBAC). We’ll look into this further.
Cc @colossal-beach-47527
c
Pretty much what Luke said. I definitely see us adding an easy way to support robot account tokens, etc. But for today the best practice is to create a CI/CD-specific access token, perhaps with a separate GitHub account. (So that you can set access controls differently for that robot account than yourself.) We’ve also considered being able to limit the scope of resources a personal access token has access to as well… There are a lot of good features to enable in this area, it’s just a matter of adding them 🙂
o
Appreciate the feedback - will set up a "bot" user for now