Why does streamlit.io require write access to the repository?

Is write access required for pulling from a repository? :neutral_face:


Hi @Patchouli,

Thanks for sharing this question! Write access is required in order to manage the public keys for the repo. More details in our docs here.

In order to deploy your app, Streamlit requires access to your app’s source code in GitHub and also the ability to manage the public keys associated with the repositories. The default GitHub OAuth scopes are sufficient to work with apps in public GitHub repositories. However, in order to work with apps in private GitHub repositories, Streamlit requires the additional repo OAuth scope from GitHub. We recognize that this scope provides Streamlit with extra permissions that we do not really need, and which, as people who prize security, we’d rather not even be granted. Alas, we need to work with the APIs we are provided by GitHub.

What if we don’t want private repositories? Seriously. If you wanted to solve this, you would. I literally can’t teach this topic to students because of this crazy situation.

“which, as people who prize security, we’d rather not even be granted”

Very hard time believing this position when a few lines earlier you note that this access level isn’t required for public repositories.

Can we fix this, please?

1 Like