
Limit token scope

Open AnHeuermann opened this issue 1 year ago • 3 comments

I have access to two different namespaces on Open VSX Registry, my personal namespace and a namespace used by an organization I'm a member of. It would be great to limit the scope of the access tokens to specific namespaces and, even better, specific extensions. So if one personal access token leaks, no other extensions I have access to are at risk.

So I want to use a unique token for my personal AnHeuermann/extension1 and two other unique tokens for organization/extension2 and organization/extension3.

AnHeuermann avatar Jul 05 '24 13:07 AnHeuermann

Hi @AnHeuermann! Thanks for the feature request. This would be a good enhancement.

amvanbaren avatar Jul 09 '24 08:07 amvanbaren

code of conduct[]#

montyc123 avatar Jul 12 '24 15:07 montyc123

This is important to me. I typically automate my release flows using GitHub Actions. If my token is leaked, the only thing that should be compromised is just that extension.

It would also be good to scope the token to specific actions. Right now, a token can also create a new namespace, which is unnecessary for CI/CD automation.

tomodachi94 avatar Oct 11 '25 02:10 tomodachi94