I hereby claim:
- I am xidus on github.
- I am xidus (https://keybase.io/xidus) on keybase.
- I have a public key ASDTQLT4CC8OvpvP_eokgIXult-zqjgIrYc3ADtaHIBXPAo
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
I need to give access to a private dependency. It can happen for continuous integration or deployment.
Here we use python and github, using the services CircleCI and Heroku. However, the principles applies everywhere.
See https://developer.github.com/v3/guides/managing-deploy-keys/
There are 4 ways of granting access to a private dependency, but deploy keys are a good compromise in term of security and ease of use for projects that do not require too many dependencies (in that case, prefer a machine user). In any case, do not use username/password of a developer account or oauth token as they do not provide privilege limitation.