Skip to main content

How to generate the GitHub Personal Access Token for Infrastructure

Personal access tokens (PATs) are a secure way to grant third-party applications access to your GitHub account. They are an alternative to using your GitHub password, which can be more secure as they can be limited to specific scopes and can be revoked if they are compromised.

Warning Classic PATs are the older version of PATs and are still supported by GitHub. They have been deprecated in favor of fine-grained PATs, which offer more granular control over permissions. However, classic PATs are still a viable option for many users and used here.

In this document, we will describe how to generate a classic PAT in GitHub and add it as a secret to the three UKSA repositories.

Generating a Classic Personal Access Token

  1. Navigate to your GitHub settings: Click on your profile picture in the top right corner of any GitHub page and select “Settings” from the dropdown menu.

  2. Access Developer Settings: In the left sidebar, click on “Developer settings”.

  3. Generate a new token: Under the “Personal access tokens” section, click on “Generate new token”. GitHub Action Image

  4. Provide a descriptive name: In the “Note” field, give your token a descriptive name so you can easily identify it later, e.g. “Terraform PAT”.

  5. Set expiration: If you want your token to expire after a certain period, select “Expiration” and choose the desired expiration time. We expire after 30 days and regenerate.

  6. Select permissions: Choose the permissions you want to grant to your token. We use the the token to access repositories, so select the “repo” scope. GitHub Action Image

  7. Generate the token: Once you have selected the desired permissions, click on “Generate token”.

  8. Copy and save the token: Your newly generated token will be displayed on the screen. Copy and save this token securely, as it will be needed later. GitHub Action Image

Adding the Token as a Secret to Repositories

Warning This will be done over three repositories.

  1. Navigate to the repository settings: Go to the page of the repository where you want to add the token as a secret.

  2. Access settings: Click on “Settings” in the top right corner of the repository page.

  3. Open Secrets section: In the left sidebar, click on “Secrets and Variables” and select “Actions”.

  4. Find the secret for the respective repo: Either INFRA_REPO_TOKEN (for sst-beta and sst-beta-python-backend) or TF_GITHUB_TOKEN (for sst-beta-infra)

  5. Paste the token: In the “Value” field, paste the personal access token you generated earlier.

  6. Save the secret: Click on “Update secret” to save the token as a secret for the repository.

Repeat for Additional Repositories

Repeat the process of adding the token as a secret for each repository.

This page was last reviewed on 20 November 2023. It needs to be reviewed again on 20 November 2024 .
This page was set to be reviewed before 20 November 2024. This might mean the content is out of date.