Thanks for sharing your suggestion.
Currently this is not possible; you'd need to make a user per repo
and generate a token for him. This allows auditability, and things
like IP restrictions would work ootb.
We already had a similar request from another user. But we were
not really for that solution, as it opens some other problems in
terms of being able to tell who has access.
At that time we had another idea, and please let us know if it
would fit your use case.
Instead of a per-repository token, user auth-tokens would have an
additional scope parameter. It means that you'd have a user called
CI_BOT, and for this user you can generate multiple
tokens; you set a role for that token, and also a scope. A scope
could be a repository or a repository group. This way you can have a
nice way to generate multiple keys that are bound to certain repos.
P.S. Please consider joining our Slack community channel under
. Get access to our development team as well as community members
always willing to help.
I think that could work. My scenario is to create keys on the
fly via a custom backend for Vault, such that my builds and
deployments only have a token for the minimum amount of time
necessary for the task at hand.
I think how this problem was solved with Bitbucket was by only
exposing the token during creation, and otherwise it was no longer