Joachim xidus

## keybase.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                xidus
                / keybase.md
            
            
              Created
              November 9, 2019 21:26
            
          
    Keybase proof

I hereby claim:

I am xidus on github.
I am xidus (https://keybase.io/xidus) on keybase.
I have a public key ASDTQLT4CC8OvpvP_eokgIXult-zqjgIrYc3ADtaHIBXPAo

To claim this, I am signing this object:

  
## python_private_dep.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                xidus
                / python_private_dep.md
            
            
              Created
              November 4, 2019 12:48
                — forked from michelbl/python_private_dep.md
            
              
                Python private dependencies cheatsheet
              
          
    I need to give access to a private dependency. It can happen for continuous integration or deployment.
Here we use python and github, using the services CircleCI and Heroku. However, the principles applies everywhere.
What is a deploy key?

See https://developer.github.com/v3/guides/managing-deploy-keys/
There are 4 ways of granting access to a private dependency, but deploy keys are a good compromise in term of security and ease of use for projects that do not require too many dependencies (in that case, prefer a machine user). In any case, do not use username/password of a developer account or oauth token as they do not provide privilege limitation.