Why must we supply a github_personal_access_token when building the AMI?
JonathanAquino-NextRoll opened this issue · 1 comments
JonathanAquino-NextRoll commented
In the instructions for building the AMI (Building aggregation service artifacts), part of the instructions is to put a github_personal_access_token in codebuild.auto.tfvars.
Can you provide more information on this token?
- What scopes are required? All of them?
- Why do we need to supply a GitHub Personal Access Token? Is it to read something from GtHub?
- I feel uncomfortable putting this sensitive token in AWS where anyone in my company can access it.
JonathanAquino-NextRoll commented
Answering my own questions.
- None. It says to set it to a github_personal_access_token_without_permissions
- It is used for PACKER_GITHUB_API_TOKEN
- The token doesn't have any scopes so not a problem.