Hello, We are in the process of configuring Pactfl...
# pactflows
Sathish Sundararajan
07/05/2023, 4:59 AMHello, We are in the process of configuring Pactflow webhooks to trigger github actions workflow. For authentication, I see there are two options where one is personal access token and the other is github app. Github app provides shortlived tokens whereas personal access token provides custom range for expiration. Is there a different way to have token created with custom expiration for entire org instead of using personal access token ? Interested to understand how everyone is using it
m
Matt (pactflow.io / pact-js / pact-go)
07/05/2023, 5:09 AM
For now, you will need to use a PAT or at least, you will need to give PactFlow a token that it can use (as a secret).
There are APIs to manage secrets, so if you wanted to rotate them by some other process (e.g. a lambda / function that’s job is to create new tokens from GitHub, and update the secret in PactFlow), that could work
Matt (pactflow.io / pact-js / pact-go)
07/05/2023, 5:09 AM
We would like to support a first class integration of course
s
Sathish Sundararajan
07/05/2023, 5:12 AMThanks Matt, we are trying to avoid PAT as this will be used by org level and will impose a security risk for the user. Can you provide the api info for updating secrets ?
m
Matt (pactflow.io / pact-js / pact-go)
07/05/2023, 5:21 AM
We’ll be publishing our APIs in the next ~month or so, but from the PactFlow UI if you head to the secrets page, open the network tab and you should be able to copy the XHR calls. They are quite basic, from memory
Matt (pactflow.io / pact-js / pact-go)
07/05/2023, 5:22 AM
You can also see the pact tests for the terraform client here: https://github.com/pactflow/terraform-provider-pact/blob/master/client/client_pact_test.go#L332-L418
Matt (pactflow.io / pact-js / pact-go)
07/05/2023, 5:22 AM
(terraform could also be an option)
s
Sathish Sundararajan
07/05/2023, 5:24 AMcool thanks Matt
👍 1