🔐 App Token Generator

A tool to generate Github Access Token on the fly

Introduction

Background

Using default settings with GitHub Apps may put you at risk of leaking data between GitHub App installations. GitHub allows developers to create what is referred to as a GitHub app. A GitHub app can be installed on a GitHub organization or a personal GitHub account. Once installed, the GitHub app can request a new token for each installation of the app. The GitHub App has a private key that is used to generate a GitHub App token. This token can be used for a subset of the GitHub APIs.

Application

App Token Generator is a serverless function offers the end-user a way to dynamically generate a Github Access Token tailored to be used in any back-end system. It can also be intergrated in the standard CICD Pipeline as a seperate step or stage.

Local Setup

Pre-requisite

• Put private-key.pem associtated to your Github Application under the project root path

Run

GITHUB_APP_KEY=private-key.pem APP_ID=<YOUR GITHUB_APP_ID> ./handler.rb

Containerization

Build the image

docker build -t app-token-generator:latest .

Run the application as a container

docker run --rm -it \
           --name app-token-generator \
           -e APP_ID=<YOUR GITHUB_APP_ID> \
           -e GITHUB_APP_KEY=<KEY LOCATION> \
           -v $(PWD)/private-key.pem:<KEY_LOCATION> \
           quay.io/techprober/app-token-generator:latest

References

• GitHub Apps - How to avoid leaking your customer’s source code with GitHub apps
• GitHub Docs - Authenticating with github apps
• GitHub API Docs - Create an installation access token for an app