What Is Deploy Token Scope?
Deploy token scope is the boundary of what a deploy token can do: which repositories or registries it accesses and whether it may read, write, or both. A narrowly scoped token can, for example, only pull container images from one registry. Defining the scope precisely follows least-privilege practice for automation credentials.
Why it matters
A deploy token with more scope than necessary becomes a high-value target. Limiting scope means a leaked token unlocks only a small, contained set of actions.
Related guides
What Is a Scoped Deploy Key?A scoped deploy key is a credential granting access to a single repository, often read-only, so a pipeline ge…
What Is a Service Account Key?A service account key is a long-lived credential tied to a non-human service identity, used by automation to…
What Is a Machine User?A machine user is a dedicated account created for automation rather than a person, so pipelines and bots act…