`write_registry` permission to Deploy Tokens
Problem to solve
We are building images on server separate from the GitLab CI, these servers need a secure way to handle tokens with push access to the container registry
Using a project members PAT is dangerous as all project members can access the shared servers. Using a dedicated user for each project is hard to maintain.
write_registry permission to Deploy Tokens so that we easily can create a token with the access we need for a single project only.
What does success look like, and how can we measure that?
I can create a Deploy Token with
write_registry, log in to with with
docker login and push images to the correct project.
Links / references
I write a comment in gitlab-ce#23322 but a smaller, focused issue is often easier to deal with which is why I also created this issue