Confused by "Machine User" docs

sgpinkus · May 23, 2020, 5:34am

I want to add a “machine user” because Travis suggest you do that to allow Travis to auto update the Github releases page post build:

> “The suggested workaround is to create a machine user — a dummy GitHub account that is granted write access on a per repository basis.”

The instructions to setup a machine user are:

> “Setup:
> 1. Run the ssh-keygen procedure on your server and attach the public key to the machine user account.
> 2. Give the machine user account access to the repositories you want to automate. You can do this by adding the account as a collaborator, as an outside collaborator, or to a team in an organization.”

I don’t get it. Is the “machine user account” merely the public 1/2 of an SSH key? If so I can’t figure out how to grant a user identified by a public SSH key access as a collaborator, as an outside collaborator, or to a team in an organization. Or is there a step missing: Add an actual use and associate the SSH key with that user? If so then why’s is called a machine user? That is just a user account.

ldnunes · December 4, 2020, 7:18pm

Kinda necroing the topic, but anyway:

Yes, it’s still “just an user account”, but one that’s not accessed by humans, only scripts and/or programs. You will still have to create the account, which must have a valid email, and will also have to manage it’s password and SSH keys (in other words: safely store and use them). But the nice thing about it is that when using together with teams it gives you some nice flexibility for automating repository tasks, and it’s “totally cool” as GitHub puts it.

It’s a bit of work to set it up at the start, but after that it makes it easier to manage.

jeffwilcox · December 4, 2020, 7:18pm

Also consider whether using a Deploy Key may make your scenario work… it’s essentially an SSH identity that is not associated with a user, so it does not require password management, etc., and is commonly used by web deployment platforms.

In our orgs, we’ve had to evolve our approach to using GitHub Apps and also deploy keys more often, since we now use GitHub Enterprise Cloud and also SAML-based single sign-on… having single sign-on for service accounts can be challenging in some organizations.

Docs - https://developer.github.com/v3/repos/keys/