I'm owner for my company of a few crates published on crates.io. However, relying on an individual in a company is kind of risky in the case of a compromised token for example (I might be on vacation or might even change company): I wouldn't be able to revoke the token fast enough or at all.
For most of the crates under my company's umbrella, we associated a Github team with them (the team appears as an additional owner of the crates). I'd thought I would be able to create tokens associated to the team so if I happen to not be available to revoke a token, any other member of the team would be able to do so. But I couldn't find how to create a token associated to the team (and not to a user). Did I miss something? Or am I looking for something that doesn't exist?
I have the impression that it should be possible from the documentation.
If a team name is given to
--add, that team is invited as a “team” owner, with restricted right to the crate. While they have permission to publish or yank versions of the crate [...]
Since I believe I need a token to publish a crate, I'm assuming it should be possible to obtain a team's token. But I couldn't find how so here I am, trying to ask for help from the experts