Restrict API personal access token to a specific project
API personal access tokens appear to be global rather than project specific.
Please add options for 'global' or 'project' to API tokens.
e.g. a development project token should not have access to the production project.
-
Guest
- Sep 11 2018
- Planned
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- +18
-
Restrict API personal access token to a specific project Merged
API personal access tokens appear to be global rather than project specific.Please add options for 'global' or 'project' to API tokens.e.g. a development project token should not have access to the production project. -
Project-specific API keys Merged
I'm currently setting up a wildcard Let's Encrypt cert and it needs an API key so it can do its thing with the DNS records of my domain. But to do this I need to give it access to my whole account! It goes against the most fundamental security pri...0 Planned
-
Generate API keys / access tokens scoped to a given project Merged
It would be great to be able to generate API keys / access tokens that are scoped to a given project (in addition to specifying the read and/or write scopes).0 Planned
Related ideas
Any ETA on this?, we're starting to get a good amount of projects running, and it is a bit scary having one API key to rule then all
Attachments Open full size
Also it will be helpful to be able to limit access to all resources groups. Not needed to have it complex like AWS ARNs, but I would use ability to e.g. create key what can update DNS records on one specific domain.
Attachments Open full size