Details
-
New Feature
-
Resolution: Fixed
-
Major
-
None
Description
To my understanding currently the github-branch-source plugins always requires GitHub user credentials / tokens to authenticate.
I'd suggest to add authenticating Jenkins to GitHub as a GitHub App too.
Why is this better than the current way:
- GitHub Apps can be granted very fine grained permissions
- GitHub Apps can be added either to a whole org, or just to selected repos
- The app uses a key pair to then get temporary credentials, so leaked creds to user are only valid for a short period of time
- Higher API limits! (probably the most important one for bigger orgs)
This is specifically NOT about authenticating users against GitHub, but for Authenticating Jenkins itself against GitHub
References: https://developer.github.com/apps/differences-between-apps/
Attachments
Issue Links
- relates to
-
JENKINS-60901 GitHub manages hooks even when it has not been configured to do it
-
- Open
-
-
-
- Closed
-
-
JENKINS-62220 GitHub App to support credentials with multiple organizations
-
- Resolved
-
- links to
