On 2019-06-29 07:04:00 -0500 (-0500), Sean McGinnis wrote: [...]
Seems fairly easy enough to even just create a githubadmin@openstack.org account and control access via that.
Which brings us all the way back around to what the Infra team ended up doing... create a shared account backed by a second auth factor of an OTP generator on its own access-controlled system with audit logging. You could leverage it the same way to authorize and deauthorize other accounts for short-term administrative access. But at the end of the day, solutions like that are probably more of a pain than if the handful of admins who want to have GH accounts and also use GH for other reasons could just have two separate accounts. (Not that I particularly have a horse in this race either way, I'm just happy I can stop touching GH nearly so often.) -- Jeremy Stanley