It would be great to have some kin of mechanism that limits the access tokens to only a certain organization. The use case for this is storing environment specific access secrets in CI tools.
For example, I want to deploy the staging version of my app to orgname-staging organization, while the prod version goes to orgname-prod organization. I use two different tokens for each, but as of today all tokens have full account access.
If it was possible to limit the organizational scope of access of the tokens to just a single organization, then it would be easier to maintain proper access controls to the prod environment. I.e. only devops have access to prod, while both dev+ devops have access to staging.
@jerome I’m also curious about more fine-grained permissions for API tokens.
We have a sensitive app we’d like to deploy with a GitHub action, but we’re concerned that anybody who can make a PR to that app could modify the workflow to exfiltrate the deployment token and gain further access to the app and its data.
I’ve solved this now by creating a new user (<my-name>+<client-name>@<my-company-name>.nl) and adding it to the organisation.
Some more info on my use case:
I have a client that has their own Github organisation. I am setting up a Github action there to automatically deploy to Fly. For that I have to configure a Fly API token there. Using my own personal access token will allow them to access all my other apps and organisations that are attached to my personal account. That’s not okay, so the only solution
This feature we are actively working on but it touches many areas of our platform and handles sensible data so we want to bake it just right before shipping the first version
Any timelines for this? This would be useful for a use case where we spin up a VM and hand over all control of just that VM to one entity (or, whichever entities hold that per-VM authz token).
