Terraform Registry GitHub Application permissions

Hey, so we want to release a provider to the Terraform Registry as a community provider, but we’ve got some questions around the permissions granted to the Terraform Registry GitHub Application. From what I can tell it has full read access to our org and repos, public AND private. Our questions are:

  1. What steps are there to prevent non-Terraform-related repos, private repos from being leaked to the registry?
  2. What steps are there to prevent HashiCorp from using and/or leaking private code/IP, since we don’t have anything like an NDA established with HashiCorp?
  3. Is there a way to not grant access to read private repos?
  4. If not, is there a recommended workflow or pattern you have for customers with similar concerns?