Disable deploy keys at the repo level (or org level) #46152
Unanswered
sandstrom
asked this question in
Repositories
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Select Topic Area
Product Feedback
Body
We don't use deploy keys. But it's a good place for a malicious actor to inject themselves.
We'd like to disable the deploy keys feature at the repo, or even better org, level. Similar to disabling classic personal access tokens.
For example, a common Gmail hacking technique is to add a "forward all emails" setting. Few will notice -- gives persistent access.
(I know there is an audit log, but using it is a hassle)
Beta Was this translation helpful? Give feedback.
All reactions