GitHub Connection

Navigate to the GitHub app settings here. Click New GitHub App.

Give the application a name, a homepage URL (your self-hosted domain i.e. https://your-domain.com), and a callback URL (i.e. https://your-domain.com/organization/app-connections/github/oauth/callback).

Enable request user authorization during app installation.

Disable webhook by unchecking the Active checkbox.

Set the repository permissions as follows: Metadata: Read-only, Secrets: Read and write, Environments: Read and write, Actions: Read.

Similarly, set the organization permissions as follows: Secrets: Read and write.

Create the Github application.

Generate a new Client Secret for your GitHub application.

Generate a new Private Key for your Github application.

Obtain the necessary Github application credentials. This would be the application slug, client ID, app ID, client secret, and private key.

Back in your Infisical instance, add the five new environment variables for the credentials of your GitHub application:

• INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID: The Client ID of your GitHub application.
• INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET: The Client Secret of your GitHub application.
• INF_APP_CONNECTION_GITHUB_APP_SLUG: The Slug of your GitHub application. This is the one found in the URL.
• INF_APP_CONNECTION_GITHUB_APP_ID: The App ID of your GitHub application.
• INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY: The Private Key of your GitHub application.

Once added, restart your Infisical instance and use the GitHub integration via app authentication.