undefined | Better HN

0 pointsbrasic3y ago0 comments

Not sure what you mean. Adding a deploy key is about as simple as I can imagine, definitely doesn’t require messing with apps, which I agree is a pain.

https://docs.github.com/en/authentication/connecting-to-gith...

(disclosure, former GH)

0 comments

memco3y ago

That's a different thing. Here's some info on deploy tokens: https://docs.gitlab.com/ee/user/project/deploy_tokens/. It's a one-off username+password pair that can be used for HTTP cloning without setting up SSH keys or creating users. As far as I can tell in Github you use either automatic tokens[1] or personal tokens[2]. Personal tokens look easier to set up, but they are tied to a user and not the repo or organization, which isn't great if you're using this for a company—you have to create a whole separate token user if you don't want it tied to someone's personal account. Automatic tokens require a script to manage.

As nice as this one feature of Gitlab is it is not a major show-stopper. Almost everything we need is available in most git services. So to GGP's point: we are likely to go for the most affordable option even if there's some tradeoffs.

[1]: https://docs.github.com/en/actions/security-guides/automatic... [2]: https://docs.github.com/en/authentication/keeping-your-accou...

mau3y ago

I think the GH app is a workaround for this:

> Deploy keys only grant access to a single repository. More complex projects may have many repositories to pull to the same server.

j / k navigate · click thread line to collapse