ChainSafe / forest-iac

Infrastructure as Code to support the Forest Filecoin project
Apache License 2.0

Create distinct user for DO automation #378

Open LesnyRumcajs opened 6 months ago

LesnyRumcajs commented 6 months ago

Issue summary

Right now, our personal keys are in the secrets, making it difficult to audit changes on Digital Ocean (who deployed the service - was it David, GitHub on behalf of David, or Hubert who found his key somewhere?).

There should be a distinct user (forest-iac, forest-automation, leshy...) that handles this and makes it easier to track changes. It is also good from a security standpoint.

Other information and links

samuelarogbonlo commented 3 months ago

@LesnyRumcajs, unfortunately, from my understanding DigitalOcean lacks a direct feature to create service accounts distinct from human user accounts for the purpose of automation or infrastructure management. To implement a system where each service (like forest-iac, forest-automation) operates under a separate 'user', you would need to set up individual user accounts for each service. This approach not only increases management overhead but also complicates access control. User management is a big flaw in DigitalOcean.

LesnyRumcajs commented 3 months ago

I am aware that DO lacks service accounts. This issue is about a separate automation account, one for all services managed via this repository.

samuelarogbonlo commented 3 months ago

> I am aware that DO lacks service accounts. This issue is about a separate automation account, one for all services managed via this repository.

@LesnyRumcajs, got it. Just to make sure I'm understanding correctly: to set up a dedicated account for automation, we would have to create a fresh DO account, unless what you're suggesting is more along the lines of creating a dedicated user within an existing account or utilizing the My Teams feature.

LesnyRumcajs commented 3 months ago

Yeah, it'd most likely need to be a fresh DO user, i.e., forest-automation.