Create seperate accounts on Github, for example one personal account and on account for work
Pros:
- easy to setup
- SSH keys are not exposed when using SSH forwarding with a devcontainer
Cons:
- requires to setup 2 SSH keys locally
- no segregation within one key access
Add one SSH key per repo as a Deploy Key (keys cannot be reused so they all need to be different).
How to:
ssh-keygen -t ed25519 -f ~/.ssh/github-ORG-REPONAME -C "Deploy key for ORG REPONAME"cat ~/.ssh/github-REPONAME.pub | pbcopy- go to https://github.com/ORG/REPONAME/settings/keys and create a key
- setup the keys in
.ssh/configwith:
Host github-ORG-REPONAME
HostName github.com
User git
IdentityFile ~/.ssh/github-ORG-REPONAME
IdentitiesOnly yes
AddKeysToAgent yes
- clone with `git clone git@github-ORG-REPONAME:ORG/REPONAME.git
Pros:
- segregation per repo
- SSH keys are not exposed when using SSH forwarding with a devcontainer
Cons:
- hassle to setup (multiple keys on Github and locally)
- could not get it to work with devcontainers
Create a PAT for right repos and with the right level of granularity
How to:
Configure git:
git config --global credential.https://git.521000.best.useHttpPath true # save credential per repo url
git config --global credential.helper osxkeychain # for sourcetree on macOSCreate a personal access token:
- go to https://github.com/settings/personal-access-tokens/new
- change
Resource ownerif repos are owned by another org - select repos
- select permissions "content" + read and write
Clone the code:
- git clone https://...
- enter username: github username
- enter password: the personal access token
In devcontainer, check it is using the personal access token:
# What helper is configured?
git config --show-origin --show-scope --get-all credential.helper
# HTTPS credential path
printf "protocol=https\nhost=github.com\n\n" | git credential fillPros:
- fine-grain access per repo and per action
- confirmed working with devcontainers
Cons:
- PAT is exposed in the devcontainer, so could be stolen