Harbor: Ability to sync robot accounts between replicated Harbor instances

I have the same scenario. And also replication of other projects options could be good like labels, tag retention, tag imutability, etc etc

If the robot account replication is not possible, maybe something to allow us to customize the token during the robot creation, thus we can use the same token for our other harbors servers.

We are facing a similar issue. This request and @vzanlnx's comments is most likely what we are looking for.

I know exactly what you are talking about but the current proprietary token service in Harbor does not allow for that, a robot at its highest degree of freedom will be scoped to the instance. For this requirement, we need to expose the token auth service somehow. The project name will probably have to be the same as well maybe? @reasonerjt @wy65701436 please correct me if I'm wrong

@vzanlnx @fivezerosix your requirements already tracked as part of the following
https://github.com/goharbor/harbor/issues/8709
https://github.com/goharbor/harbor/issues/8207

a robot at its highest degree of freedom will be scoped to the instance. For this requirement, we need to expose the token auth service somehow. The project name will probably have to be the same as well maybe?

As far as I looked in how robo accounts work then token auth service won't be greatest problem - separate instances can be used as long as JWK keys match ( at least in theory). main problem is robo account token mapping to projects - as robo tokens (v2.1.1) contain project ID which could differ between harbor instances