I'm an administrator for an organization (call it 'foo') that has a few hundred repositories.
I frequently get emails from Github like this:
Subject: [GitHub] A new public key was added to foo/bar
Body: The following SSH key was added to the foo/bar repository by baz:
If you believe this key was added in error, you can remove the key and disable
access at the following location: (snip)
Upon investigation, I think these are actually deploy keys being added. I'm not sure why the email doesn't include the words "deploy key" anywhere, but whatever.
I don't care whether deploy keys are added to individual repos, is there any way to stop these notifications? Note that while I'm part of the foo organization, I'm not specifically a member of or watching the bar repo.
You can manage your notifications in the following way:
click on yor profilepicture --> settings --> personal settings --> notifications
Thanks for reaching out! Yep, adding a deploy key will send a notification to all organization owners.
This is to make sure that owners are aware of any deploy keys created in their repositories, since removing from the organization the user who added the key will still allow them to access the repository with the deploy key. It currently isn't possible to opt-out from those emails for this reason.
thanks for the information.
however, this mechanism is probably not useful for a bigger organization, where it isn't really possible for the owners to have overview over "member turnover" and which repos would need to be checked etc.
btw, are there any way to see list of deploy keys for the org all at once?
I too am finding this more annoying than useful. Would love to see a way to opt out. In the meantime, probably just going to set up an email filter.