CircleCI Ideas

Allow me to signup without GitHub/BitBucket and clarify what CircleCI really have access to

Yes, the automatic signup with GitHub is convenient to CircleCI, but my security conscious starts to feel unease and I feel very unsure about what access CirculeCI really have.

Does circleCI now have direct access to all my GitHub repos?
What if I don't want CircleCI to have a default access to all my repositories? 

I wished i could signup as a normal user, and then manually add and give access to individual repositories, so I can feel more confident that circleCI only can see the repositories that it should see and nothing else. 

Basically, I want to apply the law of least privilege here.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 4 2019
  • New
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    March 23, 2019 03:03

    Yes, this is dangerous and insecure by design. Seems like it provides an irresponsible level of liability for CircleCI too.