Personal Access Token equivalent for Integrations



I asked this in GitHub support and they thought it was better suited here

I have an application that interacts with GitHub. I have previously used a Bot user for this, but now I’m transitioning it to an Integration. There is one issue that I have come across that I’m not sure how to solve.

I use AWS CodePipeline and I provision my pipelines through CloudFormation. When doing it this way, CodePipeline requires that I supply my own API Token for access to the repositories.
(see the docs - at the bottom under the “Action Configuration Properties for Provider Types” table)

I previously just created a Personal API Token for the bot user and that worked fine. But I don’t see a way to get a token like that from an Integration. I would like to remove the bot user from my org so I can free up a seat, but I don’t think using a user’s Personal API Token is the proper approach either.

This could be more of an issue with AWS. When creating a Pipeline through the console, it authenticates by itself through the OAuth workflow. But you obviously can’t do that in CloudFormation, so the only answer I came up with was Personal API Tokens.

Do you have any thoughts or a recommended answer to my problem?



@jmilas or @keavy, have you come across this before?


Maybe @izuzak can help?


Hey, @gkrizek :wave: – sorry for the delay in getting back to you on this.

No, there are no personal access tokens for Integrations currently. I’ve shared your feedback internally to see what the team thinks and if they have advice for you. To me, it seems strange to do what you’re describing. If you want to move over to Integrations, AWS should build an Integration and then you could install it on the repositories you want (and you wouldn’t need to create any tokens manually and pass them around like you do now). You shouldn’t be building an Integration here since you’re not the one providing a service – you’re just using a service.

But I think I understand your general goal – you would like to use a service which is currently asking you to provide a personal access token. And you’d like to create that token for your organization, instead of a specific user you created just for this, so that you can free up a seat. Again, I’ve passed this along to the team to consider and we’ll followup if we have any advice or if there’s any news.

Thanks for sharing your use-case and providing feedback! :bow:


@izuzak Thanks for the message. I agree, in this case it should really be on AWS to create an integration to use for authentication. Sadly, their time to implement new feature requests is usually pretty long.

Just wanted to make sure I wasn’t missing anything that I could be doing on my side.

Thanks for the help. :slight_smile:


Does CodePipeline work with plain SSH keys?


No, not that I have seen. Only supports a token.