Configure GitHub OAuth for Spinnaker

Configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator.

Requirements for configuring GitHub OAuth

  • Ability to modify developer settings for your GitHub organization
  • Access to Halyard
  • A SpinnakerTM deployment with DNS and SSL configured

Configuring GitHub OAuth in GitHub

  1. Login to GitHub and go to Settings > Developer Settings > OAuth Apps > New OAuth App
  2. Note the Client ID / Client Secret
  3. Homepage URL: This would be the URL of your Spinnaker service e.g.
  4. Authorization callback URL: This is going to match your --pre-established-redirect-uri in halyard and the URL needs login appended to your gate endpoint e.g. or

Configuring GitHub OAuth in Spinnaker

Add the following snippet to your SpinnakerService manifest under the level:

    enabled: true
      clientId: a08xxxxxxxxxxxxx93
      clientSecret: 6xxxaxxxxxxxxxxxxxxxxxxx59   # Secret Enabled Field
      scope: read:org,user:email
    provider: GITHUB

For additional configuration options review the Spinnaker Manifest Configuration Reference

Run the following commands in Halyard with your Client ID and Client Secret.


hal config security authn oauth2 edit \
  --client-id $CLIENT_ID \
  --client-secret $CLIENT_SECRET \
  --provider $PROVIDER \
  --scope read:org,user:email \
  --pre-established-redirect-uri ""

hal config security authn oauth2 enable

Additional OAuth resources

Last modified December 10, 2021: (556c295d)