Guidance on which restrictions we should put on the API key

[pedrogk]

A part of me doesn't feel comfortable leaving API keys without any restrictions. Any ideas of restrictions that we can put? (for IPs, calls, etc).

[martyndavies]

Hi @pedrogk, thanks for your question. There are currently no additional flags that can be set for restrictions here, unless the services you are connecting allow for it. The GitHub Actions approach is very secure. Outside of that, it is the same approach you would take if you were working directly with the APIs of each service.