<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=21983) </details> <!--IssueSummary end--> ### Description Currently, read-write deploy keys are given write access to the entire repository. This makes them less useful for integrations that should only push to specific branches when compared to a user as preventing pushing to other branches relies on business processes rather than being enforced. ### Proposal When adding a write-enabled deploy key, provide an option to limit it to a subset of branch(es) using the same regex/exact match as with protected branches. ### Links / references