Repository files navigation

A lambda function runs as a GitHub Application and periodically gets a new GitHub Runner Registration Token from theGitHub API. This token is then stored in AWS Systems Manager Parameter Store.

This function should be deployed using theterraform-aws-github-action-token-rotatormodule.

1. Browse tohttps://github.com/organizations/{YOUR_ORG}/settings/apps and click the New GitHub App button

2. Set the name to "GitHub Action Token Rotator"

3. Set the Homepage URL tohttps://github.com/cloudposse/lambda-github-action-token-rotator

4. Uncheck the Active checkbox under the Webhook heading

5. SelectRead and write under Organization permissions -> Self-hosted runners

6. Click the Create GitHub App button at the bottom of the page

7. Under theClient secrets section, click theGenerate a new client secret button

8. Copy the Client secret to a safe place, it will be needed to install the app

9. Under thePrivate key section, click theGenerate a private key button

10. Download the private key to a safe place, it will be needed to install the app

11. Convert the private key to a PEM file using the following command:openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in {DOWNLOADED_FILE_NAME}.pem -out private-key-pkcs8.key

This project is under active development, and we encourage contributions from our community.

Many thanks to our outstanding contributors:

For 🐛 bug reports & feature requests, please use theissue tracker.

In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.

1. Review ourCode of Conduct andContributor Guidelines.
2. Fork the repo on GitHub
3. Clone the project to your own machine
4. Commit changes to your own branch
5. Push your work back up to your fork
6. Submit aPull Request so that we can review your changes

NOTE: Be sure to merge the latest changes from "upstream" before making a pull request!

Join ourOpen Source Community on Slack. It'sFREE for everyone! Our "SweetOps" community is where you get to talk with others who share a similar vision for how to rollout and manage infrastructure. This is the best place to talk shop, ask questions, solicit feedback, and work together as a community to build totallysweet infrastructure.

Sign up forour newsletter and join 3,000+ DevOps engineers, CTOs, and founders who get insider access to the latest DevOps trends, so you can always stay in the know.Dropped straight into your Inbox every week — and usually a 5-minute read.

Join us every Wednesday via Zoom for your weekly dose of insider DevOps trends, AWS news and Terraform insights, all sourced from our SweetOps community, plus alive Q&A that you can’t find anywhere else.It'sFREE for everyone!

Licensed to the Apache Software Foundation (ASF) under oneor more contributor license agreements.  See the NOTICE filedistributed with this work for additional informationregarding copyright ownership.  The ASF licenses this fileto you under the Apache License, Version 2.0 (the"License"); you may not use this file except in compliancewith the License.  You may obtain a copy of the License at  https://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing,software distributed under the License is distributed on an"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANYKIND, either express or implied.  See the License for thespecific language governing permissions and limitationsunder the License.

All other trademarks referenced herein are the property of their respective owners.

Copyright © 2022-2025Cloud Posse, LLC