[FEAT] `secrets.GITHUB_TOKEN` doesn't work with GitHub auth engine


Is your feature request related to a problem? Please describe.
`secrets.GITHUB_TOKEN` cannot be used to authenticate to the GitHub secrets engine.

Describe the solution you’d like
The `secrets.GITHUB_TOKEN` is able to be exchanged for a Vault token.

Additional context
It seems Vault wants to call https://api.github.com/user for the token that was passed to the auth engine. But the token isn’t scoped to that API, and returns `GET https://api.github.com/user: 403 Resource not accessible by integration`.

Issue Analytics

  • State: closed
  • Created: 3 years ago
  • Reactions: 1
  • Comments: 6 (1 by maintainers)

Top GitHub Comments

steveteuber commented, Jan 28, 2021 (1 reaction)

We also assumed that this is working, because the ${{ secrets.GITHUB_TOKEN }} is used in the examples:

```yaml
with:
  url: https://vault.mycompany.com:8200
  method: github
  githubToken: ${{ secrets.GITHUB_TOKEN }}
  caCertificate: ${{ secrets.VAULTCA }}
```

https://github.com/hashicorp/vault-action/blob/master/README.md#authentication-method

jasonodonnell commented, Jun 3, 2021 (0 reactions)

Closing since this is documented and a known limitation of Vault’s GH auth method.
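
The limitation discussed in this thread, shown as a before/after workflow fragment. This is an added example, not taken from the issue or the vault-action README; `VAULT_GITHUB_PAT` is an assumed secret name for a personal access token with the `read:org` scope, and `<pinned-version>` is a placeholder.

```yaml
# Added example. Assumes Vault's GitHub auth method is already enabled and
# configured for the organization the token owner belongs to.
steps:
  # Rejected: GITHUB_TOKEN is a GitHub App installation access token, not a
  # user token. Vault's GitHub auth method looks up the caller with
  # GET https://api.github.com/user, which answers
  # "403 Resource not accessible by integration" for this token type.
  - name: Vault login with the workflow token (fails)
    uses: hashicorp/vault-action@<pinned-version>  # placeholder, pin a real release or commit
    with:
      url: https://vault.mycompany.com:8200
      method: github
      githubToken: ${{ secrets.GITHUB_TOKEN }}
      caCertificate: ${{ secrets.VAULTCA }}

  # Accepted: a personal access token belongs to a user, so the /user lookup
  # succeeds and Vault can go on to check organization and team membership.
  # VAULT_GITHUB_PAT is an assumed secret name, not one defined by the action.
  - name: Vault login with a personal access token
    uses: hashicorp/vault-action@<pinned-version>  # placeholder, pin a real release or commit
    with:
      url: https://vault.mycompany.com:8200
      method: github
      githubToken: ${{ secrets.VAULT_GITHUB_PAT }}
      caCertificate: ${{ secrets.VAULTCA }}
```

A personal access token is long-lived and tied to a user account, so grant it only `read:org` and keep it in an encrypted repository or organization secret.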
