We use cookies to understand how people use Depot.
← All Posts
New feature: project tokens
Written by
kyle
Kyle Galbraith
Published on
21 June 2022
You can now authenticate to Depot with a project-specific API token, for fine-grained access control over your Docker builds.
New feature: project tokens banner

We recently released a new authentication method for builds in Depot, project tokens! With this new feature, you now have three different ways to authenticate and run builds with Depot:

  1. User access tokens
    • Created by individual users, user access tokens allow build access for any project in any organization that the user has access to.
  2. OIDC tokens (GitHub only)
    • Configured by organization administrators for specific projects via trust relationships, OIDC tokens issued by GitHub Actions can be programatically exchanged for temporary build tokens, allowing access to specific projects inside the workflow run.
  3. Project tokens
    • Created by organization administrators for a single project, project tokens allow build access for only that one project.

When to use project tokens?

A project token belongs to a specific project within a single organization. They are scoped to only allow building images for the project they are associated with. This a finer grained approach than user access tokens, and is the recommended way to authenticate builds to Depot from your CI provider.

Note: If you are using GitHub Actions as your CI provider, you can use the OIDC token approach, which doesn't require any static access tokens and instead issues temporary access tokens for each workflow run. This is a more secure option if available to you.

How to configure a project token

Project tokens can be configured from the Project Details page.

Project Details page for Depot

  1. Open your Project Details page by clicking into a project from your projects list
  2. Click on Settings
  3. Enter a description under Add project token and click create token

You can then use your new token in your existing CI provider to route builds to that specific project in Depot. See our integration guides for details on how to set these tokens in a variety of CI providers.

Feedback

We are continually looking for ways to make Docker builds easier, faster, and more secure. If you have any ideas or questions about project tokens, or anything Depot related, send us an email.

If you are tired of waiting for your slow Docker builds to finish in CI, sign up for an account and let us help speed things up! Depot can build Docker images 2-3x faster in CI with our fast compute and persistent SSD cache. Depot can even build native Arm containers or multi-platform images without any additional configuration.