As of now, build systems like TeamCity need to retrieve the sources via SSH and a private key infrastructure in order to be secure & do not use up an additional "service user" license for each project.
This has two major drawbacks:
- It forces us to manage the private key infrastructure (administrative overhead)
- It is not recommended to use SSH via automatic build tools according to the docs: https://confluence.atlassian.com/display/STASH/Enabling+SSH+access+to+Git+repositories+in+Stash
Furthermore, it forces us to enable SSH on Stash in the first place, this is not a huge drawback (due to the minimal configuration), however, still a security issue.
Optimally we would have:
- a default service user for each project
- enabling the "service users" feature costs only a single user license in total (regardless of how many projects provide service users)
- the service user can simply connect via HTTPS like all other Stash users
(see also https://answers.atlassian.com/questions/313156/stash-licensing-for-ci-build-systems for a discussion on the topic)