As far as I can tell personal access tokens allow any actions. We’d like to limit the allowed actions to only create a deploy in case a key leaks and a malicious actor e.g. deletes a site.
Context
We’d like to move from netlify’s CD platform to azure since Azure is twice as fast and has way more free minutes.
It seems like we can already do that with the netlify cli (build+deploy) but we need an access token. Since we’d also like to build pull requests from forks we would need to make that token available to these PRs. While there are certain measures in place to prevent leaking it’s never 100% safe. We’d be fine with potential leakage if that only results in deploys being created. But e.g. removing sites is to great of a risk.