Guide
How to share private GitHub repo docs without giving repo access
You can share documentation from a private GitHub or GitLab repo without granting repo access — here are the options (collaborator invites, deploy a site, or a viewer overlay) and the safest one.
The short answer
To share docs from a private GitHub repo without giving repo access, don't add the person as a collaborator (that exposes the whole repo and triggers a security review). Instead, render the docs outside the repo: deploy a static site (you host and maintain it) or, fastest, put a read-only viewer over the repo that authenticates readers separately. With a viewer like Miradorly, you connect the repo, exclude internal files with .docignore, and invite the client by email with a viewer/commenter role — they read only what you assigned, with no GitHub account and no repo access.
You keep your project documentation in a private GitHub (or GitLab) repo, and someone outside the team — a client, a contractor, a stakeholder — needs to read it. The instinct is to add them as a collaborator. Don't. There's a safer, faster way that exposes only the docs and nothing else.
Why "just add them as a collaborator" is the wrong move
GitHub access is repo-level. Add an outside person as a collaborator and they can see:
- all your source code,
- the full commit history,
- every other doc and internal file in the repo.
There's no native "read only this one folder" for outside collaborators. So a collaborator invite over-grants access, usually triggers a security review, and gives a non-technical person a developer UI they can't navigate anyway. Wrong tool for the job.
The options that don't expose the repo
Option 1 — Deploy a static site from the docs
Build a site (Docusaurus, MkDocs, etc.) from the markdown and host it. The reader sees only the rendered docs, not the repo. The cost: you build, deploy, host, and maintain it, plus add auth yourself if the docs shouldn't be fully public, plus bolt on comments (Giscus needs a GitHub login). Real engineering work for a moving target.
Option 2 — Put a read-only viewer over the repo (fastest)
Connect a hosted viewer to the private repo. It renders the markdown and authenticates readers separately from GitHub. You pick which folders are exposed, exclude internal files, and invite people by email with a role. They never get repo access.
This is the lowest-effort, safest path, and it stays current automatically on every git push.
How to do it with a viewer (step by step)
Using Miradorly as the example:
- Connect the repo — install the GitHub/GitLab app, select the markdown folders to expose.
- **Add a
.docignore** — exclude anything internal so it's never rendered, indexed, or returned over MCP:
# .docignore — never leaves the team
CLAUDE.md
**/secrets/**
internal/
drafts/
*.internal.md- Invite the reader by email with a
viewer(read) orcommenter(read + comment) role, scoped to their project only. - Keep writing in your editor. Push commits; the viewer re-renders. The reader always sees the latest, scoped to exactly what you allowed.
Access compared
| Method | Exposes whole repo | Needs GitHub account | Per-doc scoping | Stays current |
|---|---|---|---|---|
| Add as collaborator | ✅ (bad) | ✅ | ❌ | ✅ |
| Static site | ❌ | depends | ⚠️ DIY | ⚠️ rebuild |
| Viewer overlay | ❌ | ❌ | ✅ | ✅ auto |
A note on AI access
If the reader also wants their AI agent to query the docs, a role-aware MCP lets them — scoped to the same permissions, with .docignore files excluded. That's something neither a collaborator invite nor a plain static site gives you. More in role-aware MCP for docs.
Bottom line
Sharing private repo docs is a scoping problem, and GitHub's collaborator model can't scope to a folder for outside people. Render the docs outside the repo — a viewer overlay is the fastest, safest way — invite by email, exclude internal files with .docignore, and nobody ever sees your repo.
Frequently asked questions
Can I give someone read access to only one folder in a private GitHub repo?
Not cleanly. GitHub's collaborator access is repo-level; there's no native per-folder read-only sharing for outside people. To scope access to specific docs, render them outside the repo with a viewer that has its own per-project permissions, like Miradorly.
Is adding a client as a collaborator safe?
It's risky — they can see the entire repo (code, history, other docs), and it usually requires a security review. Sharing through a viewer that exposes only selected docs and excludes internal files via .docignore is safer.
How do I make sure secrets and internal files aren't exposed?
Use an ignore file. Miradorly's .docignore (same syntax as .gitignore) means matched files — CLAUDE.md, secrets, drafts — are never rendered, never indexed, and never returned over MCP, for any reader.
Do they need a GitHub account?
No, if you use a viewer with its own auth. Miradorly readers sign in with email or Google and never touch GitHub.