Fore security reason I would like to have group token which have no expiration limit and allow it’s holder to read package (maven, npm, composer, etc.) registry only. The toke should not allow git pull.
It seems that “read_registry” is for container images (docker) and “read_repository” for git and packages.
Is it so or I’m wrong?