Machine user flagged and hidden after creation

Hi,

Since I need some machines to access some private repos on my Organization, and depending on the machine, some access some repos, and others other repos, I decided to create GitHub users to then add them to my organization, and in the end add as collaborators to the repos I want available on each machine.

All seems fine… but after creating around 10 users (the build node servers, ci/cd servers, dev servers, etc) I found that only the first was ok, and the remaining ones are being flagged and hidden from the public… meaning I’m unable to add them to my Organization…

This kind of defeats the purpose of creating them… For each one I opened a support question, saying they were machine users and to “un-flag” them… It has been several hours and all remains the same…

Is there anything else I should do?

Do you think this is the best practice?

Thanks for your help

Hi @bds-codebuilder,

This is definitely not best practice, and in fact against the ToS. Depending on your needs, you may be well-served with deploy keys (which are per-repo) instead of separate users. If that’s not sufficient, you’ll need to wait for support to see your tickets.

1 Like

Hi @seveas

Thanks for your help.

How come it’s not a best practice?

It’s explicit here that this is one of the automation use cases:

https://developer.github.com/v3/guides/managing-deploy-keys/#machine-users

Although deploy keys are per repo, I cannot add the same deploy key to more than one repo (trust me, I tried), and this means that I have to put the same deploy key on every server that needs access to it… Or create multiple keys… per repo…

With an Automation user, I create an SSH key for that user, and then add that user to my organization and then I add it as a read-only collaborator to all the repos that user needs (which will be configured on a single machine).

If that machine gets compromised, or gets deleted or whatever, I can just delete that user, or remove its SSH key, and I know it’s not usable for those repos anymore…

How can I do that with deploy keys? I would have to create 1 deploy key per machine x per repo and manage all of those… not practical at all…

Can you explain to me how to do it? Maybe I’m missing something here…

Thanks

Creating a single automation user is common; creating many automation users like you did is not, and that’s the bit that’s against the terms of service. And you’re correct in that a deploy key can only work on one repo. If you want to have multiple different credentials for a repo, you will need multiple keys. You could automate this with a single bot user in a trusted location that creates/distributes those keys and adds them to GitHub via the API, maybe.

1 Like
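The per-machine, per-repo deploy key approach suggested in the reply above, sketched as an added example that is not part of the original thread. The organization name, the machine inventory, the `machine:repo` title convention and all function names are assumptions made for illustration; the endpoints are GitHub's REST deploy key API (`POST` and `DELETE` on `/repos/{owner}/{repo}/keys`).

```python
import json, subprocess, urllib.request
from pathlib import Path

ORG = "example-org"  # constructed placeholder organization
# Constructed inventory: machine -> repos it is allowed to read
ACCESS = {"build-node-1": ["api", "web"], "ci-server": ["api"]}
API = "https://api.github.com"

def plan(access, org=ORG):
    """One deploy key per (machine, repo) pair, titled 'machine:repo'."""
    return [{"machine": m, "repo": r, "title": f"{m}:{r}",
             "url": f"{API}/repos/{org}/{r}/keys"}
            for m, repos in sorted(access.items()) for r in repos]

def generate_keypair(item, keydir):
    """Create an ed25519 keypair with ssh-keygen; return the public key text."""
    path = Path(keydir) / f"{item['machine']}_{item['repo']}"
    subprocess.run(["ssh-keygen", "-q", "-t", "ed25519", "-N", "",
                    "-C", item["title"], "-f", str(path)], check=True)
    return Path(str(path) + ".pub").read_text().strip()

def register_request(item, public_key, token):
    """Build (not send) the POST that adds a read-only deploy key."""
    body = json.dumps({"title": item["title"], "key": public_key,
                       "read_only": True}).encode()
    return urllib.request.Request(item["url"], data=body, method="POST", headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json",
        "Accept": "application/vnd.github+json"})

def ssh_config(machine, access):
    """Host alias per repo so ssh offers only that repo's key.
    Clone with e.g. git@github-api:example-org/api.git"""
    out = []
    for r in access[machine]:
        out += [f"Host github-{r}", "  HostName github.com", "  User git",
                f"  IdentityFile ~/.ssh/{machine}_{r}", "  IdentitiesOnly yes", ""]
    return "\n".join(out)

def revoke(machine, remote_keys, org=ORG):
    """From listed keys ({repo: [{'id', 'title'}, ...]}), return the DELETE
    URLs that cut off one machine, e.g. after a compromise."""
    return [f"{API}/repos/{org}/{repo}/keys/{k['id']}"
            for repo, keys in sorted(remote_keys.items()) for k in keys
            if k["title"].startswith(machine + ":")]
```

Because the title encodes the machine, revoking a machine is a filter over the key lists returned by `GET /repos/{owner}/{repo}/keys`, which gives the same "remove one machine" property the machine-user setup had.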

I created many accounts to limit repository access, but now all of them have been flagged.

Hi @letanloc1998, thank you for being here! Only private support can help with this. We are not able to discuss specific account details in the public forum. If you have not already, please reach out to our private support team.