github.com's machine user

github.com explains how to add a machine user to a GitHub repository.

Machine users

If your server needs to access multiple repositories, you can choose to create a new GitHub account and attach an SSH key that will be used exclusively for automation. Since this GitHub account won't be used by a human, it's called a machine user. You can then add the machine user as a collaborator or add the machine user to a team with access to the repositories it needs to manipulate.

NOTE: Adding a machine user as a collaborator always grants read/write access. Adding a machine user to a team grants the permissions of the team.

Tip: Our terms of service state:

Accounts registered by "bots" or other automated methods are not permitted.

This means that you cannot automate the creation of accounts. But if you want to create a single machine user for automating tasks such as deploy scripts in your project or organization, that is totally cool.

Pros

  • Anyone with access to the repository and server has the ability to deploy the project.
  • No (human) users need to change their local SSH settings.
  • Multiple keys are not needed; one per server is adequate.

Cons

  • Only organizations have access to create teams; therefore only organizations can use them to restrict machine users to read-only access. Personal repositories always grant collaborators read/write access.
  • Machine user keys, like deploy keys, are usually not protected by a passphrase.

Setup

  1. Run the ssh-keygen procedure on your server and attach the public key to the machine user account.
  2. Give that account access to the repositories it will need to access. You can do this by adding the account as a collaborator or adding it to a team in an organization.
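
The server-side part of step 1 as a shell sketch. This is an added example, not code from GitHub's documentation. Because the key has no passphrase (see Cons), it keeps the private key owner-only and pins github.com to that one key. The function names, key path and key comment are assumptions; attaching the public key and granting repository access still happen in the GitHub web interface.

```shell
#!/bin/sh
# Added example: dedicated SSH key for a GitHub machine user.
# Function names, paths and the key comment are assumptions for illustration.

# Create an ed25519 key pair in a directory only the deploy user can read.
# Prints the public-key fingerprint so it can be compared with the one GitHub
# lists after the key is attached to the machine user account.
make_machine_key() {
    key_dir=$1; comment=$2
    key_file="$key_dir/id_ed25519_machine"
    mkdir -p "$key_dir" && chmod 700 "$key_dir" || return 1
    [ -e "$key_file" ] && { echo "refusing to overwrite $key_file" >&2; return 1; }
    # -N "" = no passphrase, so unattended jobs can use the key; the file
    # permissions are therefore the only protection for the private key.
    ssh-keygen -q -t ed25519 -N "" -C "$comment" -f "$key_file" || return 1
    chmod 600 "$key_file"
    ssh-keygen -lf "$key_file.pub"
}

# Pin github.com to that key. IdentitiesOnly stops ssh from offering any
# other key it finds (agent keys, default id_* files).
write_ssh_config() {
    config_file=$1; key_file=$2
    cat >> "$config_file" <<EOF
Host github.com
    User git
    IdentityFile $key_file
    IdentitiesOnly yes
EOF
    chmod 600 "$config_file"
}

# Check: fail if the file is readable or writable by group/others.
key_perms_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    case $mode in
        600|400) return 0 ;;
        *) echo "insecure mode $mode on $1" >&2; return 1 ;;
    esac
}

# Usage (paths are placeholders):
#   make_machine_key "$HOME/.ssh/machine" "deploy@server"
#   write_ssh_config "$HOME/.ssh/config" "$HOME/.ssh/machine/id_ed25519_machine"
#   key_perms_ok "$HOME/.ssh/machine/id_ed25519_machine"
```

Running `key_perms_ok` from the deploy script before each fetch catches a private key whose permissions have drifted.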