Storing GitHub Personal Access Token for AWS CodeBuild
TypeScriptTo securely store a GitHub Personal Access Token for use with AWS CodeBuild, you would use the
aws.codebuild.SourceCredential
resource. This resource allows you to define credentials for accessing source code repositories, which AWS CodeBuild can then use to access your GitHub repository.The
token
property is where you would specify your GitHub Personal Access Token, and it should be marked as a secret to ensure it's encrypted and not exposed. TheauthType
for GitHub should be set toPERSONAL_ACCESS_TOKEN
, and theserverType
should beGITHUB
.Below, I'm providing a Pulumi program that creates a
SourceCredential
for GitHub in AWS CodeBuild. This program assumes you have already created a Personal Access Token on GitHub with the appropriate permissions for CodeBuild to access your repositories.Please remember to install the necessary dependencies before running this program by executing
npm install @pulumi/aws
.import * as pulumi from "@pulumi/pulumi"; import * as aws from "@pulumi/aws"; // Create a new CodeBuild source credential for GitHub const githubSourceCredential = new aws.codebuild.SourceCredential("github-token", { // The personal access token authType: "PERSONAL_ACCESS_TOKEN", serverType: "GITHUB", // Token should be set as a secret to ensure it is encrypted token: pulumi.secret("your-github-access-token"), }); export const sourceCredentialArn = githubSourceCredential.arn; // Remember to replace `your-github-access-token` with your actual GitHub Personal Access Token.
When you run this program with Pulumi, it will create a
SourceCredential
in AWS CodeBuild, which can be referenced by your build projects to access your GitHub repositories. Always keep your tokens and secrets out of plaintext files and use Pulumi's secret handling or environment variables to keep them secure.After you have created the
SourceCredential
, you can then use it in your CodeBuild project by specifying thesource
property of theaws.codebuild.Project
resource to include theauth
block with your source credential's ARN.Remember to replace
'your-github-access-token'
with the actual GitHub Personal Access Token you have generated. Keep this token secret, and don't share it in your code repositories or with unauthorized users.For more details on
aws.codebuild.SourceCredential
and related properties, refer to the Pulumi AWS documentation.