Shared API key for CI tools?

We’re using GitHub login for our account; however, we want to link SonarCloud with our CI tools. Per best practice, we don’t want to use a user’s keys, but rather a simple shared read-only account.

I haven’t worked out how to do this other than the very cumbersome approach of creating a dedicated GitHub CI user, which is further complicated as we mandate MFA on our GitHub accounts.

Does anyone know how best to manage CI API integration and whether dedicated accounts are needed for this?

Hey there.

It isn’t currently possible to create an analysis token that isn’t tied to a specific user (and doesn’t have the exact same rights as the user) – but we have heard this request before and keep track of this feedback, so I’ve made sure to make a note of it internally.

Thanks very much.

Hi Colin

Speaking with GitHub support, they mentioned the need to manage a dedicated tool just to handle shared MFA, which is a nightmare. Another approach would be a phone set to forward SMSes to a group of people.

I’m unhappy I’m being pushed in this direction; an account-bound API key should be a standard feature.