Confused by "Machine User" docs #24314
-
I want to add a “machine user” because Travis suggest you do that to allow Travis to auto update the Github releases page post build: > “The suggested workaround is to create a machine user — a dummy GitHub account that is granted write access on a per repository basis.” The instructions to setup a machine user are: > “Setup: I don’t get it. Is the “machine user account” merely the public 1/2 of an SSH key? If so I can’t figure out how to grant a user identified by a public SSH key access as a collaborator, as an outside collaborator, or to a team in an organization. Or is there a step missing: Add an actual use and associate the SSH key with that user? If so then why’s is called a machine user? That is just a user account. |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
Kinda necroing the topic, but anyway: Yes, it’s still “just an user account”, but one that’s not accessed by humans, only scripts and/or programs. You will still have to create the account, which must have a valid email, and will also have to manage it’s password and SSH keys (in other words: safely store and use them). But the nice thing about it is that when using together with teams it gives you some nice flexibility for automating repository tasks, and it’s “totally cool” as GitHub puts it. It’s a bit of work to set it up at the start, but after that it makes it easier to manage. |
Beta Was this translation helpful? Give feedback.
-
Also consider whether using a Deploy Key may make your scenario work… it’s essentially an SSH identity that is not associated with a user, so it does not require password management, etc., and is commonly used by web deployment platforms. In our orgs, we’ve had to evolve our approach to using GitHub Apps and also deploy keys more often, since we now use GitHub Enterprise Cloud and also SAML-based single sign-on… having single sign-on for service accounts can be challenging in some organizations. |
Beta Was this translation helpful? Give feedback.
-
I am also looking for a machine user for managing our organisation github repositories and we also have SSO enabled. Could you explain what would be the approach of creating deploy keys or github apps to start with? I could find several GitHub docs explaining what these “terms” mean but do not explain the implementation for SSO enabled Github organisations. |
Beta Was this translation helpful? Give feedback.
-
With the GitHub App, once installed on specific repos, or all repos on an org, it has the granular permissions you grant it. SSO won’t impact it. |
Beta Was this translation helpful? Give feedback.
-
@jeffwilcox I’m interested in how you guys used GitHub Apps in your Enterprise w/SAML as “Machine Users”. Are there any references you could link me to in order to check them out? |
Beta Was this translation helpful? Give feedback.
Kinda necroing the topic, but anyway:
Yes, it’s still “just an user account”, but one that’s not accessed by humans, only scripts and/or programs. You will still have to create the account, which must have a valid email, and will also have to manage it’s password and SSH keys (in other words: safely store and use them). But the nice thing about it is that when using together with teams it gives you some nice flexibility for automating repository tasks, and it’s “totally cool” as GitHub puts it.
It’s a bit of work to set it up at the start, but after that it makes it easier to manage.