
Service Tokens

Open github-product-roadmap opened this issue 4 years ago • 0 comments

Summary

As a continuation from recent investments around programmatic access security (https://github.com/github/roadmap/issues/203, https://github.com/github/roadmap/issues/184), service tokens will provide organizations with autonomous, programmatic, secure access over the API to resources they own, including repositories, packages, members, Codespaces, Projects, and more.

By using the same fine-grained permissions model that powers GitHub Apps, service tokens let you mint a short-lived credential with just the right level of access needed to get the job done.

Being decoupled from identity, service tokens can be minted, used, and destroyed with no dependency on a user account.

Intended Outcome

Organizations need a way to securely access their resources programmatically, e.g. for automation purposes, large-scale configuration of their organization, policy compliance, and onboarding of new users.

Currently, many organizations create dedicated “machine users” to achieve this, which is an administrative burden to both set up and maintain.

Service tokens will remove this friction, creating a paved path for autonomous, programmatic, secure access to organization resources.

How will it work?

The workflow for the creation of an organization's service token will resemble the "server-to-server" token creation workflow of GitHub Apps, which involves a REST API and is itself an implementation of the OAuth 2.0 client credentials flow.

github-product-roadmap, Dec 15 '21 16:12
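The existing GitHub Apps server-to-server flow that the issue says service token creation will resemble, as an added Go example (not part of the issue and not GitHub's code): it signs the App's JWT and builds, without sending, the request for an installation token narrowed to one repository and one permission. The service token API itself is not specified on this page; the App ID, installation ID, repository name and the `DemoKey` helper are placeholders.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"time"
)

// AppJWT signs the RS256 assertion used as the App's client credential: iat backdated 60s for clock drift, exp under the 10-minute cap.
func AppJWT(key *rsa.PrivateKey, appID string, now time.Time) (string, error) {
	enc := base64.RawURLEncoding
	claims, _ := json.Marshal(map[string]interface{}{"iss": appID, "iat": now.Unix() - 60, "exp": now.Unix() + 540})
	input := enc.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + enc.EncodeToString(claims)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + enc.EncodeToString(sig), nil
}

// TokenRequest builds, without sending, the exchange of that JWT for a token narrowed to the listed repositories and permissions.
func TokenRequest(jwt, installID string, repos []string, perms map[string]string) (*http.Request, error) {
	body, _ := json.Marshal(map[string]interface{}{"repositories": repos, "permissions": perms})
	req, err := http.NewRequest(http.MethodPost, "https://api.github.com/app/installations/"+installID+"/access_tokens", bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+jwt)
	req.Header.Set("Accept", "application/vnd.github+json")
	return req, nil
}

func DemoKey() *rsa.PrivateKey { // constructed throwaway key standing in for the App's private key
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	return key
}

func main() {
	jwt, _ := AppJWT(DemoKey(), "12345", time.Now()) // "12345" and "67890" are placeholder IDs
	req, _ := TokenRequest(jwt, "67890", []string{"example-repo"}, map[string]string{"contents": "read"})
	fmt.Println(req.Method, req.URL, "JWT length:", len(jwt))
}
```

The token returned by this endpoint expires after one hour, and the request body can only narrow the permissions and repositories already granted to the installation.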