AI Docs Bundle
Join Our Community Slack Contact
chainctl Reference

chainctl iam identities create github

  2 min read
chainctl Reference Product

chainctl iam identities create github 

chainctl iam identities create github NAME --github-repo=REPO [--github-ref=REF] [--github-audience=AUD] [--parent=PARENT] [--description=DESC] [--role=ROLE,ROLE,...] [--output=id|json|table]

Examples 

  # Create a GitHub Actions identity for any branch in a repo
  chainctl iam identities create github my-gha-identity --github-repo=my-org/repo-name --parent=eng-org
  
  # Create a GitHub Actions identity for a given branch in a repo and bind to a role
  chainctl iam identities create github my-gha-identity --github-repo=my-org/repo-name --github-ref=refs/heads/test-branch --role=owner

Options 

  -d, --description string       The description of the resource.
      --github-audience string   The audience for the GitHub OIDC token
      --github-ref string        The branch reference for the executing action (optional).
      --github-repo string       The name of a GitHub repo where the action executes.
  -h, --help                     help for github
  -n, --name string              Given name of the resource.
      --parent string            The name or id of the parent location to create this identity under.
      --role strings             A comma separated list of names or IDs of roles to bind this identity to (optional).
  -y, --yes                      Automatic yes to prompts; assume "yes" as answer to all prompts and run non-interactively.

Options inherited from parent commands 

      --api string         The url of the Chainguard platform API. (default "https://console-api.enforce.dev")
      --audience string    The Chainguard token audience to request. (default "https://console-api.enforce.dev")
      --config string      A specific chainctl config file. Uses CHAINCTL_CONFIG environment variable if a file is not passed explicitly.
      --console string     The url of the Chainguard platform Console. (default "https://console.chainguard.dev")
      --force-color        Force color output even when stdout is not a TTY.
      --issuer string      The url of the Chainguard STS endpoint. (default "https://issuer.enforce.dev")
      --log-level string   Set the log level (debug, info) (default "ERROR")
  -o, --output string      Output format. One of: [csv, env, go-template, id, json, markdown, none, table, terse, tree, wide]
  -v, --v int              Set the log verbosity level.

SEE ALSO

Related Articles

chainctl

chainctl Chainguard Control chainctl [flags] Options --api string The url of the Chainguard platform API. (default …

  1 min read

chainctl auth

chainctl auth Auth related commands for the Chainguard platform. Options -h, --help help for auth Options inherited from …

  1 min read

chainctl auth configure-docker

chainctl auth configure-docker Configure a Docker credential helper chainctl auth configure-docker [flags] Options …

  2 min read

chainctl auth delete-account

chainctl auth delete-account Permanently delete your user account. chainctl auth delete-account [flags] Options -h, …

  1 min read

chainctl auth login

chainctl auth login Login to the Chainguard platform. chainctl auth login [--invite-code=INVITE_CODE] …

  2 min read

Last updated: 2025-09-29 18:30

chainctl iam identities create Prev   chainctl iam identities create gitlab   Next