You are viewing version 2.23 of the documentation, which is no longer maintained. For up-to-date documentation, see the latest version.

Configuring GitHub OAuth for Spinnaker

This post describes how to configure GitHub and Spinnaker to use GitHub as an OAuth2 authenticator.


  • Ability to modify developer settings for your GitHub organization
  • Access to Halyard
  • A Spinnaker deployment with DNS and SSL configured

Configuring GitHub OAuth

  1. Login to GitHub and go to Settings > Developer Settings > OAuth Apps > New OAuth App
  2. Note the Client ID / Client Secret
  3. Homepage URL: This would be the URL of your Spinnaker service e.g.
  4. Authorization callback URL: This is going to match your --pre-established-redirect-uri in halyard and the URL needs login appended to your gate endpoint e.g. or

Configuring Spinnaker


Add the following snippet to your SpinnakerService manifest under the level:

    enabled: true
      clientId: a08xxxxxxxxxxxxx93
      clientSecret: 6xxxaxxxxxxxxxxxxxxxxxxx59   # Secret Enabled Field
      scope: read:org,user:email
    provider: github

For additional configuration options review the Spinnaker Operator Reference


Run the following commands in Halyard with your Client ID and Client Secret.


hal config security authn oauth2 edit \
  --client-id $CLIENT_ID \
  --client-secret $CLIENT_SECRET \
  --provider $PROVIDER \
  --scope read:org,user:email \
  --pre-established-redirect-uri ""

hal config security authn oauth2 enable
Last modified October 12, 2020: add missing syntax (#254) (4cc9aea)