[Error] gyro is not able to find and initialize private repositories
I tried to create a gyro manifest for a project that I am working on. Currently, I have the source stored in a private repository on GitHub. When running
gyro init haze/top_secret_super_secret_dont_share
I am met with this:
got http status code for https://api.github.com/repos/haze/top_secret_super_secret_dont_share: 404{"message":"Not Found","documentation_url":"https://docs.github.com/rest/reference/repos#get-a-repository"}
I think the actual issue here is that fetching a private repo requires a bearer token with an additional scope. Currently, gyro's bearer token is only used for reading user data (name and email) on the server side. The token is passed in plaintext as a header, so adding more scopes (especially scopes that provide data not available to the public) is a definite vulnerability.
I think it would be best to manage two different tokens; not everyone is going to both publish and use private repos. We could have a secrets or tokens subcommand that lets the user manage tokens and initiate the device polling thing for GitHub by itself.
This also opens up avenues for other systems, but I wouldn't worry about coming up with something too complicated since gyro is at its scope; I only want to maintain it and improve the UX for things it can already do.
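The two-token split discussed in this thread, sketched as an added example (not gyro's code, and written in Python rather than gyro's own language): each token is bound to one purpose and one destination host, so the private-repo token never travels to the package index and nothing is sent over plain HTTP. The purpose names, the `index.example` host, the placeholder secrets and the assignment of the GitHub scopes `read:user`, `user:email` and `repo` are assumptions.

```python
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Token:
    secret: str = field(repr=False)   # never shown in repr() or logs
    scopes: frozenset = frozenset()
    hosts: frozenset = frozenset()    # only destinations this token may reach


class TokenStore:
    """Holds one token per purpose, e.g. 'publish' and 'fetch' (assumed names)."""

    def __init__(self):
        self._tokens = {}

    def add(self, purpose, token):
        self._tokens[purpose] = token

    def headers_for(self, purpose, url):
        token = self._tokens.get(purpose)
        if token is None:
            return {}                 # user never opted in: go unauthenticated
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname not in token.hosts:
            raise PermissionError(f"{purpose} token not allowed for {parts.hostname}")
        return {"Authorization": f"Bearer {token.secret}"}

    def explain(self, status):
        # GitHub answers 404 for a private repo the caller cannot see.
        if status == 404 and "fetch" not in self._tokens:
            return "not found, or private: add a fetch token"
        return f"http status {status}"


def demo_store():
    # Constructed values: placeholder secrets and a hypothetical index host.
    store = TokenStore()
    store.add("publish", Token("PUBLISH-PLACEHOLDER",
                               frozenset({"read:user", "user:email"}),
                               frozenset({"index.example"})))
    store.add("fetch", Token("FETCH-PLACEHOLDER",
                             frozenset({"repo"}),
                             frozenset({"api.github.com"})))
    return store
```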