Context

When using the GitHub Terraform provider to manage GitHub resources, users often want to avoid using long-lived credentials like personal access tokens. Some users may want to leverage the GitHub App authentication that Spacelift uses for its GitHub integration to authenticate the Terraform provider instead.

Answer

While Spacelift's built-in GitHub App credentials are not directly accessible, you can set up your own GitHub App for use with the GitHub Terraform provider. Here are two approaches:

Option 1: Direct Spacelift Integration

1. Create a custom GitHub App with the necessary permissions for your Terraform operations

2. Store the GitHub App credentials as a variable in Spacelift

3. Configure the GitHub provider in your Terraform configuration using these credentials

Option 2: Security-Enhanced Approach

1. Create a custom GitHub App with the required permissions

2. Store the GitHub App credentials in a secret that belongs to the integration role used by the worker

3. Configure your Terraform provider to access these credentials through the worker role

Note that the actual permissions and capabilities available will depend on how the GitHub App is configured.

Sources:

• Spacelift GitHub Integration Documentation

• GitHub Terraform Provider Documentation