75

I want to generate an SSH key with only READ permissions to be used with my GitHub account is it possible? or should I create another account with only read permission?

2
  • The Deploy Key ! Commented Apr 14, 2018 at 17:37
  • 1
    The Deploy key cannot be shared across multiple repositories at GH which may completely break the plan. Commented Sep 2, 2021 at 12:29

2 Answers 2

74

Deploy Keys to the rescue

A deploy key is an SSH key that :

  • is stored on your server and grants access to a single GitHub repository.
  • Often used to clone repositories during deploys or continuous integration runs.
  • Deploys sometimes involve merging branches and pushing code, so deploy keys have always allowed both read and write access.
  • But Because write access is undesirable in many cases, you can have the ability to create deploy keys with read-only access.
  • New deploy keys created through GitHub.com will be read-only by default and can be given write access by selecting Allow write access during creation.

Creating Read only deploy key

  1. Go to Settings tab inside the repository you want to give read only permission.
  2. On the left side navigation bar Select Deploy Keys

Github Deploy Keys

  1. Click Add Deploy Key .
  2. Give it a title whatever you want and Add the ssh key.
  3. Make sure that box Allow write access is unchecked.
  4. You're done !

To know more about Deploy keys, read at Github Developer. Also refer to this beautiful gist by zhujunsan on Github.

Feel free to add-in more details.

2
  • 2
    And to add multiple repositories, generate one SSH key for each and add the configuration to the SSH config file as explained on medium.com/@dustinfarris/…
    – Nagev
    Commented Aug 8, 2018 at 9:26
  • but generating ssh keys for each repository deploy key is messy, lets say there are 10 repositories that I want to deploy to a machine.
    – Luk Aron
    Commented Jan 27, 2021 at 16:36
23

Github organizations can "sort of" support this work-flow:

  • Create an organization
  • Create a dummy account which will be used for readonly access
  • Add the dummy account to the organization with read-only permissions
  • Add whatever SSH keys you want to have on the read-only account
  • Use your normal account(s) to allow writing
2
  • 9
    Unlike the accepted answer, this one gives you read access to ALL repositories in the organization.
    – mareoraft
    Commented Dec 10, 2018 at 14:04
  • 1
    This seems to be "the" plan of GH, to force an additional user per company for such case because deploy keys cannot be shared among repositories? Commented Sep 2, 2021 at 12:30

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .