No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

i ended up using a personal token for ci/cd as well. would be nice to have team managed tokens

Yes - creating a “bot” user for this is a pretty standard approach. That user can then be given appropriate permissions and you can use tokens for that not user in CI. For example we use <https://github.com/pulumi-bot> ourselves. 

We have thought about adding “service tokens” separate  from users, but these need to have most of the capabilities of users (RBAC). We’ll look into this further. 

Pretty much what Luke said. I definitely see us adding an easy way to support robot account tokens, etc. But for today the best practice is to create a CI/CD-specific access token, perhaps with a separate GitHub account. (So that you can set access controls differently for that robot account than yourself.)

We’ve also considered being able to limit the scope of resources a personal access token has access to as well… There are a lot of good features to enable in this area, it’s just a matter of adding them :slightly_smiling_face:

Appreciate the feedback - will set up a "bot" user for now