add oauth token info to github docs

kurtosis-tech · Feb 26, 2024 · 93a488b · 93a488b
1 parent 3a1b56c
commit 93a488b
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/docs/docs/cli-reference/engine-start.md b/docs/docs/cli-reference/engine-start.md
@@ -15,5 +15,6 @@ You may optionally pass in the following flags with this command:
 * `--log-level`: The level that the started engine should log at. Options include: `panic`, `fatal`, `error`, `warning`, `info`, `debug`, or `trace`. The engine logs at the `info` level by default.
 * `--version`: The version (Docker tag) of the Kurtosis engine that should be started. If not set, the engine will start up with the default version.
 * `--enclave-pool-size`: The size of the Kurtosis engine enclave pool. The enclave pool is a component of the Kurtosis engine that allows us to create and maintain 'n' number of idle enclaves for future use. This functionality allows to improve the performance for each new creation enclave request.
+* `--github-auth-token`: The auth token to use for authorizing GitHub operations. If set, this will override the currently logged in GitHub user from `kurtosis github login`, if one exists. Note, this token does not persist when restarting the engine.
 
 CAUTION: The `--enclave-pool-size` flag is only available for Kubernetes.
diff --git a/docs/docs/guides/running-private-packages.md b/docs/docs/guides/running-private-packages.md
@@ -28,7 +28,11 @@ A GitHub screen should pop up in your browser instructing you to enter the one-t
 
 After entering the code, GitHub will prompt you to authorize Kurtosis CLI. Kurtosis CLI requests [`repo`](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps#available-scopes) access to repositories for the ability to read and pull from private repositories.
 
-:::info Private Packages within GitHub Orgs
+:::info OAuth Token Scopes
+While `repo` gives Kurtosis read and write access to private repositories, Kurtosis only performs read operations. GitHub does not support a repo `[repo:read`](https://github.com/jollygoodcode/jollygoodcode.github.io/issues/6) OAuth scope, but an alternative is to use [fine-grained personal access tokens](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#fine-grained-personal-access-tokens) to restrict Kurtosis CLI read/write and repository permissions. This token can be pass to Kurtosis CLI via the [`kurtosis engine start --github-auth-token=<>`](../cli-reference/engine-start.md) flag.
+:::
+
+:::note Private Packages within GitHub Orgs
 If the private package you'd like to develop on lives in a GitHub org, the organization must also authorize Kurtosis CLI. To have an organization you are a part of authorize Kurtosis CLI, click the `Request` button next to the organization name on the authorization page, then notify your org admins to accept the request via email.
 :::