This section is for Sym Integrators!

To use the Github Integration, view the Implementation section of this document.

Setting up your API Token

In order to grant Github access to Sym, you'll need to create a new access token. To do so, go to your Github settings page then navigate to Settings -> Developer settings -> Personal access tokens then "Generate a new token".

The following permission scopes are required for Sym to invite and remove access to your organization's Github repositories:

  • read:org
  • repo
  • user:email

Once created, make note of your token, we'll need it later!

Sharing your API Token with Sym

You'll store your API Token in a value in AWS Secrets Manager in the same account where you provisioned your Runtime Connector. Contact us if you'd like to use an alternative secrets store.

Runtime Connectors support optional permissions using the addon input. Ensure that your Runtime Connector is provisioned with the aws/secretsmgr addon enabled.

For more information about the Secrets Manager Addon, see our docs here.

resource "aws_secretsmanager_secret" "github" {
  name        = "/${var.sym_environment_name}/github_access_token"
  description = "Github access token for SymOps"

  tags = local.tags

That's it - now you can use Github in your Sym workflows!


This section is for Sym Implementers!

If your Github Integration has not yet been set up, please point your Integrator to Github setup.

Example Usages

Let users select from a list of repositories

To add Github to your Flow, define the following items in Terraform:

data "sym_integration" "github" {
  type = "github"
  name = "github-prod"

# The Github Access Workflow, which uses an Github strategy to grant repo access to users
resource "sym_flow" "this" {
  name  = "github_access"
  label = "Github Access"

  params = {
    strategy_id =

# A Strategy uses an Integration to grant people access to Targets
resource "sym_strategy" "this" {
  type           = "github"
  name           = "github-strategy-prod"
  integration_id =
  targets        = []

# A Target something Sym is managing access to
resource "sym_target" "prod" {
  type  = "github_repo"
  label = "My Private Repo"
  settings = {
    repo_name = "my-private-repo"

Let users type in the repository name

In this scenario, you want the users to type in the name of the repository from the Slack modal instead of selecting it from a dropdown list. Modify the previous example with the following:

resource "sym_flow" "this" {
  name  = "github_access"
  label = "Github Access"

  params = {
    strategy_id =
    prompt_fields_json = jsonencode(
          name     = "repo_name"
          label    = "Repository Name"
          type     = "string"
          required = true

resource "sym_target" "target" {
  type  = "github_repo"

  name  = "private-repo"
  label = "private-repo"

  field_bindings = ["repo_name"]

In this example, Sym will use the target's field_bindings values to request access to the repository the user typed in!

Did this page help you?