'Github: Use ssh key to use in only one repository or organization
It is possible to create an SSH Key who only have access to one repository or one organization and all the other ones will be rejected?
For example, you have access to this 4 repositories:
[email protected]:MyUser/repo-u1.git
[email protected]:MyUser/repo-u2.git
[email protected]:OrgRepo/repo-o1.git
[email protected]:OrgRepo/repo-o2.git
First case:
You create an ssh-key who only have access to OrgRepo. So, if the key is stolen and hacked the hacker only can have access to OrgRepo/repo-o1.git and OrgRepo/repo-o2.git but if he tries to clone the MyUser/repo-u1.git or MyUser/repo-u1.git will be rejected.
Second case:
You create an ssh-key who only have access to MyUser/repo-u2.git. So, if the key is stolen and hacked the hacker only can have access MyUser/repo-u2.git but will be rejected for the other 3 repositories.
githubSolution 1:[1]
GitHub doesn't provide exactly what you want, but it does provide some similar functionality.
First, if your organization is using SAML single sign-on, then an SSH key must be explicitly enabled for SSO before it can access the repositories for that organization. Similarly, personal access tokens must be enabled for SSO as well. There is no functionality for the reverse, preventing organization-enabled credentials from accessing personal resources.
Second, if you have an automated system, such as a CI server, that only needs to access one repository, you can create an SSH deploy key to access only that repository. This is not a good tool for individuals to use because it lacks traceability, but it is a good tool for automated systems.
Beyond that, no, GitHub doesn't provide what you're looking for.
Solution 2:[2]
For the second case, look into deploy keys where you can limit SSH key access on a per-repo basis.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | bk2204 |
| Solution 2 | Ivan |