- GitHub App (Recommended)
- OAuth
- Personal Access Token
Infisical will use a GitHub App with finely grained permissions to connect to GitHub.
Self-Hosted Instance
Self-Hosted Instance
Using the GitHub integration with app authentication on a self-hosted instance of Infisical requires configuring an application on GitHub
and registering your instance with it.
1
Create an application on GitHub
Navigate to the GitHub app settings here. Click New GitHub App.
Give the application a name, a homepage URL (your self-hosted domain i.e. 
Enable request user authorization during app installation.
Disable webhook by unchecking the Active checkbox.
Set the repository permissions as follows: Metadata: Read-only, Secrets: Read and write, Environments: Read and write, Actions: Read.
Similarly, set the organization permissions as follows: Secrets: Read and write.
Create the Github application.
Give the application a name, a homepage URL (your self-hosted domain i.e. https://your-domain.com), and a callback URL (i.e. https://your-domain.com/organization/app-connections/github/oauth/callback).Enable request user authorization during app installation.Disable webhook by unchecking the Active checkbox.Set the repository permissions as follows: Metadata: Read-only, Secrets: Read and write, Environments: Read and write, Actions: Read.Similarly, set the organization permissions as follows: Secrets: Read and write.Create the Github application.If you have a GitHub organization, you can create an application under it
in your organization Settings > Developer settings > GitHub Apps > New GitHub App.
2
Add your application credentials to Infisical
Generate a new Client Secret for your GitHub application.
Generate a new Private Key for your Github application.
Obtain the necessary Github application credentials. This would be the application slug, client ID, app ID, client secret, and private key.
Back in your Infisical instance, you can configure the GitHub App credentials in one of two ways:Option 1: Server Admin Panel (Recommended)Navigate to the server admin panel > Integrations > GitHub App and enter the GitHub application credentials:
Generate a new Private Key for your Github application.Obtain the necessary Github application credentials. This would be the application slug, client ID, app ID, client secret, and private key.Back in your Infisical instance, you can configure the GitHub App credentials in one of two ways:Option 1: Server Admin Panel (Recommended)Navigate to the server admin panel > Integrations > GitHub App and enter the GitHub application credentials:- Client ID: The Client ID of your GitHub application
- Client Secret: The Client Secret of your GitHub application
- App Slug: The Slug of your GitHub application (found in the URL)
- App ID: The App ID of your GitHub application
- Private Key: The Private Key of your GitHub application
INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID: The Client ID of your GitHub application.INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET: The Client Secret of your GitHub application.INF_APP_CONNECTION_GITHUB_APP_SLUG: The Slug of your GitHub application. This is the one found in the URL.INF_APP_CONNECTION_GITHUB_APP_ID: The App ID of your GitHub application.INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY: The Private Key of your GitHub application.
Setup GitHub Connection in Infisical
1
Navigate to App Connections
Navigate to the App Connections page in the desired project.
2
Add Connection
Select the GitHub Connection option from the connection options modal.
3
Authorize Connection
Select the GitHub App method and click Connect to GitHub.You may optionally configure GitHub Enterprise options:
- Gateway: The gateway connected to your private network
-
Hostname: The hostname at which to access your GitHub Enterprise instance
4
Install GitHub App
You will then be redirected to the GitHub app installation page.Install and authorize the GitHub application. This will redirect you back to Infisical’s App Connections page.
5
Connection Created
Your GitHub Connection is now available for use.