メモ
Delegated bypass for push protection is currently in beta and subject to change.
About delegated bypass for push protection
When push protection is enabled for a repository, users with write access can bypass push protection and push a secret if they provide a reason and the bypass is approved.
With delegated bypass for push protection, you can:
- Choose which individuals, roles, and teams can bypass push protection.
- Introduce a review and approval cycle for pushes containing secrets from all other contributors.
To set up delegated bypass, organization owners or repository administrators create a list of users with bypass privileges. This designated list of users can then:
- Bypass push protection, by specifying a reason for bypassing the block.
- Manage (approve or deny) bypass requests coming from all other contributors. These requests are located in the "Push protection bypass" page in the Security tab of the repository, and will expire after 7 days. For more information about bypass requests, see About bypass requests for push protection.
The following types of users can always bypass push protection without having to request bypass privileges:
- Organization owners
- Security managers
- Users in teams, default roles, or custom roles that have been added to the bypass list.