Support GitHub App and Personal Access Token authentication for Building Block repo cloning
Florian Nowarre
Problem / Use Case
When configuring a Building Block Definition that clones a GitHub repository, meshStack currently only supports SSH keys. This is a significant operational burden for platform teams in many organizations because:
- SSH keys must be individually managed per Building Block Definition — every definition requiring its own key pair, with no way to share credentials across definitions.
- GitHub Apps and Personal Access Tokens (PATs) are the preferred, modern approach for automation in GitHub, offering fine-grained repository permissions, short-lived credentials, and centralized management without requiring a dedicated "machine user."
As a result, platform teams working in GitHub-first organizations are forced to maintain workarounds or cannot adopt meshStack Building Blocks at all for their GitHub-based automation.
Value / Impact
Supporting GitHub App installations and/or Personal Access Tokens (PATs) as alternative authentication methods for cloning repos would:
- Remove a major adoption blocker for GitHub-heavy platform teams.
- Align meshStack with GitHub's own recommended authentication best practices (see GitHub Apps documentation and Managing personal access tokens).
- Enable fine-grained repository access control without requiring a dedicated GitHub machine user.
- Support short-lived, automatically rotating tokens through GitHub Apps, improving security posture.
- Allow one set of credentials to be reused across multiple Building Block Definitions in a workspace.
Context / Links
Related Canny requests that highlight the same pain for other git providers:
- Support Azure DevOps OAuth via Service Principal to checkout Git repositories
- One SSH-key for multiple Building Blocks
If you're running into this issue or have a specific use case, please reach out to support@meshcloud.io — we'd love to hear the details.