Closed tamsinforbes closed 1 day ago
created token MOJ_COLLABORATORS_GENERAL_ADMIN
in bot account
MOJ_COLLABORATORS_GENERAL_ADMIN FG-PAT as GitHub Secret MOJ_COLLABORATORS_GENERAL_ADMIN_BOT_PAT
Permissions scope - all repos Repo perms: Admin RW; PR RW; Issue RW; Contents RW; Webhooks RW; Org perms; Admin RW; Member R
User Need
As a member of the operations engineering team, I want to organise and secure the GitHub personal access tokens in the moj-operations-engineering-bot account, so that we can reduce risks, improve clarity, and align with best practices in token management.
Value
Properly managing these tokens will significantly reduce security risks by limiting their scope and improving their traceability. It will also streamline our processes by creating a clear and efficient method for future token creation and management.
MoJ Bot
Classic token currently used inministryofjustice/github-collaborators
as GitHub secret OPS_BOT_TOKEN.Functional Requirements:
ministryofjustice/github-collaborators
as per standards agreed in ADR 020Acceptance Criteria:
ministryofjustice/github-collaborators
is renamed and updated to use the new token.