Skip to content
Latchkey

What Is Deploy Token Scope?

Deploy token scope is the boundary of what a deploy token can do: which repositories or registries it accesses and whether it may read, write, or both. A narrowly scoped token can, for example, only pull container images from one registry. Defining the scope precisely follows least-privilege practice for automation credentials.

Why it matters

A deploy token with more scope than necessary becomes a high-value target. Limiting scope means a leaked token unlocks only a small, contained set of actions.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →