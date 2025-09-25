Version: 18.x

On this page

GitHub Actions Report an issue with this page

This document acts a reference for GitHub Actions and Machine ID. You will find links to in-depth guides on using GitHub Actions and a full explanation of the configuration options available when using the GitHub join method.

You can read step-by-step guides on using Machine ID and GitHub Actions:

Using Machine ID with GitHub Actions: How to use Machine ID to SSH into Teleport nodes from GitHub Actions.

The token resource sets out rules for what is allowed to join a Teleport cluster. Joining clients must specify which token they want to use, and then information included in their join request is compared to the rules contained within the token by the Auth Service to determine whether or not they should be admitted.

The following snippet shows all available options in the token resource when used for GitHub joining with Machine ID:

kind: token version: v2 metadata: name: github-token spec: roles: [ Bot ] join_method: github bot_name: github-demo github: enterprise_server_host: ghes.example.com static_jwks: | {"keys":[--snip--]} enterprise_slug: slug allow: - repository: gravitational/teleport repository_owner: gravitational workflow: my-workflow environment: production actor: octocat ref: ref/heads/main ref_type: branch sub: repo:gravitational/example-repo:environment:production

We offer a series of off-the-shelf GitHub Actions to use in your workflows when utilizing Teleport Machine ID and GitHub Actions.

More information about these individual actions can be found in their GitHub repositories:

If you experience problems when using these actions, please raise an issue in their source repository: https://github.com/teleport-actions/root.