Per-site access tokens?

nomeata · February 17, 2022, 7:02pm

I would like to use netlify to publish some build artifacts (profiling reports for example) from some of my open source projects. My idea was to create a new site (not backed by a git repo) in netlify, and then push the build artifacts from the open source repo using a suitable Github Action.

(I can’t build the pages on netlify’s services directly, because the build is too complex and requires additional dependencies.)

But it seems that the usual way is to use a Personal Access Token for that, which would give anyone who can push to that repository a way mess with any of my other netlify sites, which is of course not ok.

Is there a way to create an access token that only permits pushing a new deploy to a specific site?

hrishikesh · February 19, 2022, 7:09pm

At the moment, no. However, this has been requested in the past, not just for specific sites, but the ability to scope the access tokens.

However, in your case, you could create a different user with just that one site and use the token for that user. It’s not the best experience, but could get the job done.

amalitsky · April 15, 2023, 8:21pm

Any updates since Feb 22?
Looks like a huge security hole.
Scoping by a team would be a step ahead.

hrishikesh · April 16, 2023, 11:55am

No updates so far, unfortunately.

Topic		Replies	Views
Access rights with personal token not available Support deployment	3	460	June 23, 2020
In netlify.toml how to access Github API Access Token of Git Gateway Support building , deployment	3	1258	October 9, 2022
Building from github repo as collaborator Support deployment	5	4323	September 8, 2022
Connecting to organization-owned, private GitHub repositories Updates	2	1045	October 18, 2022
[Support Guide] Linking a repository via API Support Guides netlify-api , support-guide	55	12395	January 13, 2025

Per-site access tokens?

Related topics