Skip to main content
This guide walks you through obtaining all required credentials for the GitHub plugin.

Authentication Methods

The GitHub plugin supports both API key (Personal Access Token) and OAuth 2.0 authentication methods.
  • api_key - Personal Access Token authentication
  • oauth_2 - OAuth App authentication

API Key Authentication (Personal Access Token)

Step 1: Create Personal Access Token

  1. Go to GitHub Settings → Developer settings → Personal access tokens → Tokens (classic)
  2. Click Generate new tokenGenerate new token (classic)
  3. Give your token a descriptive name
  4. Set an expiration (or select “No expiration” for long-lived tokens)
  5. Select the required scopes:
    • repo - Full control of private repositories
    • read:org - Read org and team membership
    • read:user - Read user profile data
    • workflow - Update GitHub Action workflows
    • Add any other scopes your application needs
  6. Click Generate token
  7. Important: Copy the token immediately - you won’t be able to see it again
  8. Store the token securely
Storing Credentials: Store the token with the Corsair CLI: 
pnpm corsair setup --plugin=github api_key=your-personal-access-token
Verify it was saved: 
pnpm corsair auth --plugin=github --credentials

OAuth 2.0 Authentication

Step 1: Register OAuth App

  1. Go to GitHub Settings → Developer settings → OAuth Apps
  2. Click New OAuth App
  3. Fill in the application details:
    • Application name: Your app name
    • Homepage URL: Your application URL
    • Authorization callback URL: Your OAuth callback URL (e.g., https://yourapp.com/auth/github/callback)
  4. Click Register application

Step 2: Get Client Credentials

  1. After registration, you’ll see your Client ID
  2. Click Generate a new client secret
  3. Copy the Client ID and Client Secret
  4. Store these securely
Storing Credentials: Store your OAuth app credentials, then start the flow: 
pnpm corsair setup --plugin=github client_id=your-client-id client_secret=your-client-secret
pnpm corsair auth --plugin=github
The CLI prints an authorization URL — open it in a browser. Once you approve, tokens are saved automatically. To verify credentials were stored: 
pnpm corsair auth --plugin=github --credentials

Webhook Secret

Step 1: Create Webhook

  1. Go to your repository on GitHub
  2. Navigate to SettingsWebhooks
  3. Click Add webhook
  4. Configure the webhook:
    • Payload URL: Your webhook endpoint (e.g., https://yourapp.com/api/webhook)
    • Content type: application/json
    • Secret: Generate a random secret string (save this)
    • Events: Select the events you want to receive:
      • Pull requests
      • Pushes
      • Issues
      • Stars
      • Releases
  5. Click Add webhook

Step 2: Store Webhook Secret

Copy the secret you generated and store it using the CLI: 
pnpm corsair setup --plugin=github webhook_signature=your-webhook-secret

Required Credentials Summary

CredentialRequired ForWhere to Find
Personal Access TokenAPI Key authSettings → Developer settings → Personal access tokens
Client IDOAuth 2.0Settings → Developer settings → OAuth Apps
Client SecretOAuth 2.0Settings → Developer settings → OAuth Apps
Webhook SecretWebhooksRepository Settings → Webhooks → Secret
For general information about how Corsair handles authentication, see Authentication.