We are using Trello and we would like to use the GitHub PowerUp to integrate pull requests and issues into our Trello board. However, when linking my GitHub account, the PowerUp seems to require a lot of permissions:
Organizations and teams Read-only access
This application will be able to read your organization, team membership, and private project boards.
Repositories Public and private
This application will be able to read and write all public and private repository data. This includes the following:
At this point we are reluctant to use the GitHub PowerUp because it seems to require read/write access to our code.
Why would Trello need read/write access to our code (for both public and private repos)?
Thanks in advance!
Hi there,
We make sure that we only ask for permissions that are the minimum necessary to enable the functionality of the Power-up. This question has been asked before and we created a help article which answers this here: https://help.trello.com/article/1023-using-the-github-power-up
Thanks!
Ryan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
It appears like GitHub now supports a lot more granular permissions. Can you update your GitHub App to only request the permissions it actually needs?
https://docs.github.com/en/developers/apps/managing-github-apps/editing-a-github-apps-permissions
For us, permitting write access to code or any access to deploy keys is completely out of the question, which makes this Trello plug-in unusable.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.