Hey so we want to release a provider to the terraform registry as a community provider but we’ve got some questions around the permissions granted to the Terraform Registry GitHub Application. From what I can tell it has full read access to our org and repos, public AND private. Our questions are:
- What steps are there to prevent non-terraform related repos, private repos from being leaked to the registry?
- What steps are there to prevent Hashicorp from using and/or leaking private code/IP since we don’t have anything like an NDA established with Hashicorp?
- Is there a way to not grant access to read private repos?
- If not is there a recommended workflow or pattern you have for customers with similar concerns?