Docs / Integrations

Connect GitHub

BreachFix Cloud uses two separate GitHub integrations:

  • Sign in with GitHub — OAuth login (optional, env-gated)
  • GitHub App — clones repositories and receives push webhooks for auto-deploy

Server setup (operators)

Register the app at github.com/settings/apps. Set Where can this GitHub App be installed? to Any account for multi-org use.

SettingValue
Callback URLhttps://cloud.breachfix.com/v1/github/callback
Webhook URLhttps://cloud.breachfix.com/webhook/github
PermissionsMetadata (read), Contents (read), Webhooks (read & write)
Eventspush, pull_request, installation, installation_repositories

Mount the private key and set GITHUB_APP_PRIVATE_KEY_PATH in .env.

Private key rotation

  1. GitHub App settings → Private keys → Generate a private key
  2. Save PEM to server secrets path
  3. Run import script and restart gateway
  4. Verify with GET /v1/github/diagnostics

Dashboard

Integrations → Connect GitHub for deployments. Choose account, org, and repositories. Use Connect another GitHub account for multiple identities.