Hi,
We’re evaluating CircleCI and really like it so far, but we’ve hit a limitation and were wondering if you could provide some advice.
Our use case is fairly simple: we have a repository with Terraform code in it to configure our AWS environments: dev, int, stage, prod. We’ve set up rules to deploy to each environment based on which branch is updated and all is well; however, any user in our organisation who has even read access to the repository can log in to CircleCI and ‘rebuild’ the production branch with SSH enabled and gain access to destroy our most important environment. How would you go about locking down access to this environment? We want our devs to be able to push to the dev and int branches, which we’ve achieved by “protecting” the stage and prod branches on github.com. Is there any plan to add fine-grained access control to CircleCI, or for CircleCI to pull in protected-branch information from github.com?
Thanks,