Now install tools that are only available as github released binaries. And ensure that hashes match for that. Maybe install a tool that needs to be compiled.

What if, get this, we put the bash scripts in yaml. And then put it in kubernetes.

And what is the token in the link?

Consider that a ‘username+password’ is much harder to ‘revoke’ individually. As in, you can have 3-4 API keys in use, and can revoke any one of them without having to change a password.

You can also change password independently of the keys, or have it linked so keys are revoked on a password change. It also allows traceability as to where accesses are coming from (auditability). If everything is using the same client-id+secret (or usn/pwd), you don’t know which ‘client’ is doing what.