Global Deploy Tokens
Currently, if you need external access to many container registry images that require authentication (i.e. a microservice architecture), you have two options:
- The newly introduced Deploy Tokens would mean you have to create one deploy token per project and then the script/person/cluster that needs all the images should handle N amount of credentials which is not fun.
- Have a user with Reporter role access to all the projects you need and use an access token, that way you can get a single set of credentials to pull all the images, which if you are in a paid tier it means paying one extra user for the priviledge. This is what I'm doing now and worst is I have two extra users because of this and I'll probably need to add more because of this scenario.
Have a way to create Deploy Tokens with functionality similar to the Deploy Keys, which you can create once in the admin and then assign them per project, that would take the best of the two options above, a non-personal registry-only access to the images while not having to pay for an extra user.