open-vault/website/source/api/auth/github/index.html.md

---
layout: "api"
page_title: "GitHub - Auth Methods - HTTP API"
sidebar_title: "GitHub"
sidebar_current: "api-http-auth-github"
description: |-
  This is the API documentation for the Vault GitHub auth method.
---

# GitHub Auth Method (API)

This is the API documentation for the Vault GitHub auth method. For
general information about the usage and operation of the GitHub method, please
see the [Vault GitHub method documentation](/docs/auth/github.html).

This documentation assumes the GitHub method is enabled at the `/auth/github`
path in Vault. Since it is possible to enable auth methods at any location,
please update your API calls accordingly.

## Configure Method

Configures the connection parameters for GitHub. This path honors the
distinction between the `create` and `update` capabilities inside ACL policies.

| Method   | Path                         |
| :--------------------------- | :--------------------- |
| `POST`   | `/auth/github/config`          |

### Parameters

- `organization` `(string: <required>)` - The organization users must be part
  of.
- `base_url` `(string: "")` - The API endpoint to use. Useful if you are running
  GitHub Enterprise or an API-compatible authentication server.
- `ttl` `(string: "")` - Duration after which authentication will be expired.
- `max_ttl` `(string: "")` - Maximum duration after which authentication will
  be expired.

### Sample Payload

```json
{
  "organization": "acme-org"
}
```

### Sample Request

```
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/auth/github/config
```

## Read Configuration

Reads the GitHub configuration.

| Method   | Path                         |
| :--------------------------- | :--------------------- |
| `GET`    | `/auth/github/config`        |

### Sample Request

```
$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/auth/github/config
```

### Sample Response

```json
{
  "request_id": "812229d7-a82e-0b20-c35b-81ce8c1b9fa6",
  "lease_id": "",
  "lease_duration": 0,
  "renewable": false,
  "data": {
    "organization": "acme-org",
    "base_url": "",
    "ttl": "",
    "max_ttl": ""
  },
  "warnings": null
}
```

## Map GitHub Teams

Map a list of policies to a team that exists in the configured GitHub organization.

| Method   | Path                         |
| :--------------------------- | :--------------------- |
| `POST`   | `/auth/github/map/teams/:team_name`   |

### Parameters

- `key` `(string)` - GitHub team name in "slugified" format
- `value` `(string)` - Comma separated list of policies to assign

### Sample Payload

```json
{
  "value": "dev-policy"
}
```

### Sample Request

```
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/auth/github/map/teams/dev
```


## Read Team Mapping

Reads the GitHub team policy mapping.

| Method   | Path                         |
| :--------------------------- | :--------------------- |
| `GET`    | `/auth/github/map/teams/:team_name`        |

### Sample Request

```
$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/auth/github/map/teams/dev
```

### Sample Response

```json
{
  "request_id": "812229d7-a82e-0b20-c35b-81ce8c1b9fa6",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "key": "dev",
    "value": "dev-policy"
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
```

## Map GitHub Users

Map a list of policies to a specific GitHub user exists in the configured
organization.

| Method   | Path                         |
| :--------------------------- | :--------------------- |
| `POST`   | `/auth/github/map/users/:user_name`     |

### Parameters

- `key` `(string)` - GitHub user name
- `value` `(string)` - Comma separated list of policies to assign

### Sample Payload

```json
{
  "value": "sethvargo-policy"
}
```

### Sample Request

```
$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/auth/github/map/users/sethvargo
```

The user with username `sethvargo` will be assigned the `sethvargo-policy`
policy **in addition to** any team policies.

## Read User Mapping

Reads the GitHub user policy mapping.

| Method   | Path                         |
| :--------------------------- | :--------------------- |
| `GET`    | `/auth/github/map/users/:user_name`        |

### Sample Request

```
$ curl \
    --header "X-Vault-Token: ..." \
    http://127.0.0.1:8200/v1/auth/github/map/users/sethvargo
```

### Sample Response

```json
{
  "request_id": "764b6f88-efba-51bd-ed62-cf1c9e80e37a",
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": {
    "key": "sethvargo",
    "value": "sethvargo-policy"
  },
  "wrap_info": null,
  "warnings": null,
  "auth": null
}
```


## Login

Login using GitHub access token.

| Method   | Path                         |
| :--------------------------- | :--------------------- |
| `POST`   | `/auth/github/login`         |

### Parameters

- `token` `(string: <required>)` - GitHub personal API token.

### Sample Payload

```json
{
  "token": "ABC123..."
}
```

### Sample Request

```
$ curl \
    --request POST \
    http://127.0.0.1:8200/v1/auth/github/login
```

### Sample Response

```javascript
{
  "lease_id": "",
  "renewable": false,
  "lease_duration": 0,
  "data": null,
  "warnings": null,
  "auth": {
    "client_token": "64d2a8f2-2a2f-5688-102b-e6088b76e344",
    "accessor": "18bb8f89-826a-56ee-c65b-1736dc5ea27d",
    "policies": ["default"],
    "metadata": {
      "username": "fred",
      "org": "acme-org"
    },
  },
  "lease_duration": 7200,
  "renewable": true
}
 ```
API Docs updates (#3101) 2017-08-08 16:28:17 +00:00			`---`
			`layout: "api"`
Standardize on "auth method" This removes all references I could find to: - credential provider - authentication backend - authentication provider - auth provider - auth backend in favor of the unified: - auth method 2017-09-13 01:48:52 +00:00			`page_title: "GitHub - Auth Methods - HTTP API"`
New Docs Website (#5535) * conversion stage 1 * correct image paths * add sidebar title to frontmatter * docs/concepts and docs/internals * configuration docs and multi-level nav corrections * commands docs, index file corrections, small item nav correction * secrets converted * auth * add enterprise and agent docs * add extra dividers * secret section, wip * correct sidebar nav title in front matter for apu section, start working on api items * auth and backend, a couple directory structure fixes * remove old docs * intro side nav converted * reset sidebar styles, add hashi-global-styles * basic styling for nav sidebar * folder collapse functionality * patch up border length on last list item * wip restructure for content component * taking middleman hacking to the extreme, but its working * small css fix * add new mega nav * fix a small mistake from the rebase * fix a content resolution issue with middleman * title a couple missing docs pages * update deps, remove temporary markup * community page * footer to layout, community page css adjustments * wip downloads page * deps updated, downloads page ready * fix community page * homepage progress * add components, adjust spacing * docs and api landing pages * a bunch of fixes, add docs and api landing pages * update deps, add deploy scripts * add readme note * update deploy command * overview page, index title * Update doc fields Note this still requires the link fields to be populated -- this is solely related to copy on the description fields * Update api_basic_categories.yml Updated API category descriptions. Like the document descriptions you'll still need to update the link headers to the proper target pages. * Add bottom hero, adjust CSS, responsive friendly * Add mega nav title * homepage adjustments, asset boosts * small fixes * docs page styling fixes * meganav title * some category link corrections * Update API categories page updated to reflect the second level headings for api categories * Update docs_detailed_categories.yml Updated to represent the existing docs structure * Update docs_detailed_categories.yml * docs page data fix, extra operator page remove * api data fix * fix makefile * update deps, add product subnav to docs and api landing pages * Rearrange non-hands-on guides to _docs_ Since there is no place for these on learn.hashicorp, we'll put them under _docs_. * WIP Redirects for guides to docs * content and component updates * font weight hotfix, redirects * fix guides and intro sidenavs * fix some redirects * small style tweaks * Redirects to learn and internally to docs * Remove redirect to `/vault` * Remove `.html` from destination on redirects * fix incorrect index redirect * final touchups * address feedback from michell for makefile and product downloads 2018-10-19 15:40:11 +00:00			`sidebar_title: "GitHub"`
			`sidebar_current: "api-http-auth-github"`
API Docs updates (#3101) 2017-08-08 16:28:17 +00:00			`description: \|-`
Properly capitalize H in GitHub (#4889) It's really bothering me, sorry. 2018-07-10 15:11:03 +00:00			`This is the API documentation for the Vault GitHub auth method.`
API Docs updates (#3101) 2017-08-08 16:28:17 +00:00			`---`

Properly capitalize H in GitHub (#4889) It's really bothering me, sorry. 2018-07-10 15:11:03 +00:00			`# GitHub Auth Method (API)`
API Docs updates (#3101) 2017-08-08 16:28:17 +00:00
Properly capitalize H in GitHub (#4889) It's really bothering me, sorry. 2018-07-10 15:11:03 +00:00			`This is the API documentation for the Vault GitHub auth method. For`
			`general information about the usage and operation of the GitHub method, please`
			`see the [Vault GitHub method documentation](/docs/auth/github.html).`
API Docs updates (#3101) 2017-08-08 16:28:17 +00:00
Properly capitalize H in GitHub (#4889) It's really bothering me, sorry. 2018-07-10 15:11:03 +00:00			This documentation assumes the GitHub method is enabled at the `/auth/github`
Oops typo 2017-09-21 17:39:12 +00:00			`path in Vault. Since it is possible to enable auth methods at any location,`
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00			`please update your API calls accordingly.`

Standardize on "auth method" This removes all references I could find to: - credential provider - authentication backend - authentication provider - auth provider - auth backend in favor of the unified: - auth method 2017-09-13 01:48:52 +00:00			`## Configure Method`
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00
Standardize on "auth method" This removes all references I could find to: - credential provider - authentication backend - authentication provider - auth provider - auth backend in favor of the unified: - auth method 2017-09-13 01:48:52 +00:00			`Configures the connection parameters for GitHub. This path honors the`
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00			distinction between the `create` and `update` capabilities inside ACL policies.

Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 16:15:37 +00:00			`\| Method \| Path \|`
			`\| :--------------------------- \| :--------------------- \|`
			\| `POST` \| `/auth/github/config` \|
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00
			`### Parameters`

Standardize on "auth method" This removes all references I could find to: - credential provider - authentication backend - authentication provider - auth provider - auth backend in favor of the unified: - auth method 2017-09-13 01:48:52 +00:00			- `organization` `(string: <required>)` - The organization users must be part
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00			`of.`
			- `base_url` `(string: "")` - The API endpoint to use. Useful if you are running
			`GitHub Enterprise or an API-compatible authentication server.`
			- `ttl` `(string: "")` - Duration after which authentication will be expired.
Standardize on "auth method" This removes all references I could find to: - credential provider - authentication backend - authentication provider - auth provider - auth backend in favor of the unified: - auth method 2017-09-13 01:48:52 +00:00			- `max_ttl` `(string: "")` - Maximum duration after which authentication will
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00			`be expired.`

			`### Sample Payload`

			```json
			`{`
			`"organization": "acme-org"`
			`}`
			```

			`### Sample Request`

			```
			`$ curl \`
			`--header "X-Vault-Token: ..." \`
			`--request POST \`
			`--data @payload.json \`
Drop vault.rocks (#4186) 2018-03-23 15:41:51 +00:00			`http://127.0.0.1:8200/v1/auth/github/config`
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00			```

			`## Read Configuration`

Oops typo 2017-09-21 17:39:12 +00:00			`Reads the GitHub configuration.`
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00
Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 16:15:37 +00:00			`\| Method \| Path \|`
			`\| :--------------------------- \| :--------------------- \|`
			\| `GET` \| `/auth/github/config` \|
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00
			`### Sample Request`

			```
			`$ curl \`
			`--header "X-Vault-Token: ..." \`
Drop vault.rocks (#4186) 2018-03-23 15:41:51 +00:00			`http://127.0.0.1:8200/v1/auth/github/config`
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00			```

			`### Sample Response`

			```json
			`{`
			`"request_id": "812229d7-a82e-0b20-c35b-81ce8c1b9fa6",`
			`"lease_id": "",`
			`"lease_duration": 0,`
			`"renewable": false,`
			`"data": {`
			`"organization": "acme-org",`
			`"base_url": "",`
			`"ttl": "",`
			`"max_ttl": ""`
			`},`
			`"warnings": null`
			`}`
			```

Update Github auth method API reference (#4202) * Update Github auth method API reference * Replaced vault.rocks in API 2018-03-26 23:56:14 +00:00			`## Map GitHub Teams`

			`Map a list of policies to a team that exists in the configured GitHub organization.`

Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 16:15:37 +00:00			`\| Method \| Path \|`
			`\| :--------------------------- \| :--------------------- \|`
			\| `POST` \| `/auth/github/map/teams/:team_name` \|
Update Github auth method API reference (#4202) * Update Github auth method API reference * Replaced vault.rocks in API 2018-03-26 23:56:14 +00:00
			`### Parameters`

			- `key` `(string)` - GitHub team name in "slugified" format
			- `value` `(string)` - Comma separated list of policies to assign

			`### Sample Payload`

			```json
			`{`
			`"value": "dev-policy"`
			`}`
			```

			`### Sample Request`

			```
			`$ curl \`
			`--header "X-Vault-Token: ..." \`
			`--request POST \`
			`--data @payload.json \`
			`http://127.0.0.1:8200/v1/auth/github/map/teams/dev`
			```


			`## Read Team Mapping`

			`Reads the GitHub team policy mapping.`

Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 16:15:37 +00:00			`\| Method \| Path \|`
			`\| :--------------------------- \| :--------------------- \|`
			\| `GET` \| `/auth/github/map/teams/:team_name` \|
Update Github auth method API reference (#4202) * Update Github auth method API reference * Replaced vault.rocks in API 2018-03-26 23:56:14 +00:00
			`### Sample Request`

			```
			`$ curl \`
			`--header "X-Vault-Token: ..." \`
			`http://127.0.0.1:8200/v1/auth/github/map/teams/dev`
			```

			`### Sample Response`

			```json
			`{`
			`"request_id": "812229d7-a82e-0b20-c35b-81ce8c1b9fa6",`
			`"lease_id": "",`
			`"renewable": false,`
			`"lease_duration": 0,`
			`"data": {`
			`"key": "dev",`
			`"value": "dev-policy"`
			`},`
			`"wrap_info": null,`
			`"warnings": null,`
			`"auth": null`
			`}`
			```

			`## Map GitHub Users`

			`Map a list of policies to a specific GitHub user exists in the configured`
			`organization.`

Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 16:15:37 +00:00			`\| Method \| Path \|`
			`\| :--------------------------- \| :--------------------- \|`
			\| `POST` \| `/auth/github/map/users/:user_name` \|
Update Github auth method API reference (#4202) * Update Github auth method API reference * Replaced vault.rocks in API 2018-03-26 23:56:14 +00:00
			`### Parameters`

			- `key` `(string)` - GitHub user name
			- `value` `(string)` - Comma separated list of policies to assign

			`### Sample Payload`

			```json
			`{`
			`"value": "sethvargo-policy"`
			`}`
			```

			`### Sample Request`

			```
			`$ curl \`
			`--header "X-Vault-Token: ..." \`
			`--request POST \`
			`--data @payload.json \`
			`http://127.0.0.1:8200/v1/auth/github/map/users/sethvargo`
			```

			The user with username `sethvargo` will be assigned the `sethvargo-policy`
			`policy in addition to any team policies.`

			`## Read User Mapping`

			`Reads the GitHub user policy mapping.`

Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 16:15:37 +00:00			`\| Method \| Path \|`
			`\| :--------------------------- \| :--------------------- \|`
			\| `GET` \| `/auth/github/map/users/:user_name` \|
Update Github auth method API reference (#4202) * Update Github auth method API reference * Replaced vault.rocks in API 2018-03-26 23:56:14 +00:00
			`### Sample Request`

			```
			`$ curl \`
			`--header "X-Vault-Token: ..." \`
			`http://127.0.0.1:8200/v1/auth/github/map/users/sethvargo`
			```

			`### Sample Response`

			```json
			`{`
			`"request_id": "764b6f88-efba-51bd-ed62-cf1c9e80e37a",`
			`"lease_id": "",`
			`"renewable": false,`
			`"lease_duration": 0,`
			`"data": {`
			`"key": "sethvargo",`
			`"value": "sethvargo-policy"`
			`},`
			`"wrap_info": null,`
			`"warnings": null,`
			`"auth": null`
			`}`
			```


API Docs updates (#3135) 2017-08-09 15:22:19 +00:00			`## Login`

			`Login using GitHub access token.`

Remove response code info from non-overview API docs as it can be misinterpreted and is always the same anyways (#6459) 2019-03-22 16:15:37 +00:00			`\| Method \| Path \|`
			`\| :--------------------------- \| :--------------------- \|`
			\| `POST` \| `/auth/github/login` \|
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00
			`### Parameters`

			- `token` `(string: <required>)` - GitHub personal API token.

			`### Sample Payload`

			```json
			`{`
			`"token": "ABC123..."`
			`}`
			```

			`### Sample Request`

			```
			`$ curl \`
			`--request POST \`
Drop vault.rocks (#4186) 2018-03-23 15:41:51 +00:00			`http://127.0.0.1:8200/v1/auth/github/login`
API Docs updates (#3135) 2017-08-09 15:22:19 +00:00			```

			`### Sample Response`

			```javascript
			`{`
			`"lease_id": "",`
			`"renewable": false,`
			`"lease_duration": 0,`
			`"data": null,`
			`"warnings": null,`
			`"auth": {`
			`"client_token": "64d2a8f2-2a2f-5688-102b-e6088b76e344",`
			`"accessor": "18bb8f89-826a-56ee-c65b-1736dc5ea27d",`
			`"policies": ["default"],`
			`"metadata": {`
			`"username": "fred",`
			`"org": "acme-org"`
			`},`
			`},`
			`"lease_duration": 7200,`
			`"renewable": true`
			`}`
A few simple fixes for the Github API docs (#3432) 2017-10-06 10:13:47 +00:00			```