GitHub Community
-
Select Topic AreaQuestion BodyI am trying to use a personal access token to push or pull a specific registry in GitHub Container Registry, but have the token only authorized to access that specific registry. The documentation is conflicting; at one point it says that permissions can be inherited from a linked repository, but elsewhere it says only classic tokens can access packages, and classic tokens cannot be scoped to a specific package. Please let me know where I can find the workflow to push a registry with |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments
-
|
The only workaround I have found is to create a separate new user, with no packages, and then, from the main user account, give that new user read and write permissions for the specific package or packages you want. Then, create a Personal Access Token (classic) with packages:read and packages:write permissions. Now, use that new user PAT to access the package in the main user account that you have granted permissions for. Because the need for least permissions is such an obvious best practice, and would be needed for every automation (e.g. with kamal), it is frankly hard for me to believe that this is beyond what GitHub can do without this kludgy workaround. Hopefully I am wrong, and I just missed it. |
Beta Was this translation helpful? Give feedback.
-
|
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
The only workaround I have found is to create a separate new user, with no packages, and then, from the main user account, give that new user read and write permissions for the specific package or packages you want. Then, create a Personal Access Token (classic) with packages:read and packages:write permissions. Now, use that new user PAT to access the package in the main user account that you have granted permissions for.
Because the need for least permissions is such an obvious best practice, and would be needed for every automation (e.g. with kamal), it is frankly hard for me to believe that this is beyond what GitHub can do without this kludgy workaround. Hopefully I am wrong, and I j…