by diggan
458 days ago
> Requiring a manual step for that in another tool, with another set of credentials and scopes to manage is a bigger risk (IMO) than managing an extra secret. [...] If you have servers to manage, or clients on another storefront (Epic, GoG, PSN/Xbox) you need to ensure versions are coordinated; and now you're potentially asking someone to log into 5 dashboards to set manually upload versions and set builds.

Yeah, I'm not arguing for multiple approvals to deploy a suite of things, but one approval which is authenticated for doing it all, nor am I arguing to somehow add more authentication on top of what you already have, you'd obviously aim for one integrated process. But regardless, I hear your point and agree with lots of other things you wrote.

And that integrated process in a world where you have multiple providers (Steam, PSN, Xbox) is likely your CI provider. As long as the token generation is correct, and you treat the vdf files like any other build secrets, it's no worse than GHA being able to deploy to AWS and having 2FA on your AWS console access.