Restrict Github access to a single repository in ssh and https URL

Question

I want to deploy software on a machine for a customer but have multiple private repositories and also belong to multiple organizations.

I do not want to give the customer access to all the organizations of which I am a member. All I want to do is to deploy the code and allow the customer to update it periodically.

There is a similar question here: Restrict Github API access to only one repository of a user

However, I cannot see a way of restricting the SSH access to a single repository in Github.

https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/

Does anyone know how I can allow access to a single private repository only on a remote PC?

Answer 1

If you want to restrict Git access to a single repository, then you can use an SSH deploy key, which may be either read only or read-write. They're designed for exactly this case. GitHub doesn't currently provide a way to limit access to a single repository based on HTTP credentials.

Note that deploy keys must be unique; that is, a single deploy key must be a different key than is used for any user or for any other repository.

You could also add the customer as a collaborator on that single repo, in which case they'd be able to access that repo, but not anything else.

Answer 2

Are you giving the customer access to your account? That seems to be how someone can access your private repositories.

You can have the customer create a git account, add them as a collaborator to your private repository and add the ssh key of the machine to their account. The customer then can use their account to access your repository. I believe that way they will have access to their repository, but not your other repositories.