We would very much like to start using this. 2.5 years in the making doesn't sound good. What's the status?
We are thinking of making API keys “scoped”, so that you can create an API key that, for example, can only consome and/or push to a given feed. Would that work?
For ACL purposes, a "team" concept would be very handy it would also solve the feed ownership problem (feeds are currently personally owned by regular people; what happens when they leave the company, etc) and could be used as a non-personal account for bots.
Alternatively, MyGet could have a "team" concept that could be used both for authorization and as a natural owner of feeds, packages and API keys. Either way, the current situation where a person owns both a feed and packages is just weird. What happens when that person leaves the company, for instance?
4 votesAsbjørn Ulsberg shared this idea ·
Good suggestion. It’s in our backlog.
I'd like this for pushing packages from a build server as well. The best way to implement this would be if MyGet had a "team" concept that had its own keys, but Deployment Keys could work as well.