Web lists-archives.com

Salsa token and privacy


I was using a nitrokey pro + gpg-agent in order to  connect via ssh to the debian infrastructure.
Now that we have salsa, it seems that the way to go is to use salsa token in order to automake a bunch of tasks.

So now I need to put somewhere on a disk my salsa token, in fact on every computer where I want to use this token.
And it means a lot.

I would like to have something like the previous setup where all my private information are stores on the nitrokey.

do you know if the salsa api (in fact gitlab api) can be access more securely than via a token which is copied multiple times  everywhere.
and if not how are you dealing with this ?


PS: Nothing polemic here please, I have just this concern about the token privacy.