Skip to content

Token with "repo" scope to install private packages? #27070

Answered by jcansdale
lomedil asked this question in Actions
Discussion options

You must be logged in to vote

Hi @lomedil,

According to “About Github Packages page ”, I need to create a token with “read:packages” and “repo” scopes because my repo is private.

I don’t think our documentation is correct here. You’ll find you only need the read:packages scope to install private packages.

But the token has full access to all my private repositories because “repo” scope is flagged. Is that right? Is there any other way to share packages from private repositories?

What I suggest you do is create a machine-user account that has access to the private repositories you need to share packages from (it only needs read access). You can then generate PATs with the read:package scope from this account.

If th…

Replies: 5 comments

Comment options

You must be logged in to vote
0 replies
Answer selected
Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
0 replies
Comment options

You must be logged in to vote
0 replies
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Packages Host your dependencies, libraries, and production-ready code, right from your repository Product Feedback
3 participants