I’m a user of a Gitea instance hosted by the organisation where I work. As a normal user, I don’t have access to the backend or the server running Gitea. I would like to setup a repository in Gitea, which is automatically mirrored to GitHub through a post-receive hook.
@lafriks mentioned that rather than using ssh keys, which aren’t sensible, I should be looking at setting up a private token and use https auth when pushing to GitHub. I can generate a token on GitHub for this purpose, but of course, I don’t want to include that token in a post-receive hook part of the git repository itself (since it could then be read publicly).
Am I right in understanding that if I include my private token as part of actions done in Giteas post-receive hook settings (settings/hooks/git/post-receive), this will never be visible or accessible by anyone but those with write access to the repository?