Skip to main content
GitHub is Platinur’s version-control and promotion backbone. Generated dbt models and Evidence code are committed to a configured repository; staged changes reach production through a pull request from the staging branch to the production branch. There are two ways to authenticate with GitHub:
  • GitHub App (recommended) — Install the Platinur GitHub App on your repository. No personal token is needed; Platinur mints short-lived tokens itself from the App installation.
  • Personal Access Token (fallback) — Paste a classic or fine-grained PAT with the required scopes. Use this if the GitHub App option is not available for your workspace.
If an App installation exists for the account it is used in preference to any stored PAT.

Option 1: GitHub App

Install flow

  1. Open Configuration in the portal.
  2. Click Install on GitHub. (If this button is not shown, the App connection option is not available for your workspace — use a Personal Access Token instead.)
  3. GitHub opens the App installation page. Select the repository that holds the Platinur project and confirm.
  4. GitHub redirects back to the portal automatically.
  5. The portal shows a GitHub App connected confirmation. Platinur stores the installation_id for the account and no personal token is needed from this point on.

How it works

Platinur mints short-lived installation access tokens scoped to your account’s installation whenever it needs to interact with GitHub — pushing commits, opening PRs, reading branches. Tokens are cached in-process and refreshed automatically near expiry; you never handle or store them. Per-account state is limited to the installation_id, a non-secret numeric identifier issued by GitHub at install time.

Option 2: Personal Access Token

If the Install on GitHub button does not appear, or you prefer the token path, enter a PAT in the Access Token field in Configuration alongside the repository URL. Token requirements:
  • Classic PATrepo scope.
  • Fine-grained PATContents (read and write) and Pull requests (read and write) permissions on the target repository.
Click Save and test after entering the token. Platinur verifies the credentials by resolving the repository.

Security notes

  • Per-account state is only the installation_id (App connections) or the encrypted token reference (PAT connections); neither is ever shown back in the portal after saving.
  • Installation tokens are minted on demand, cached briefly, and never persisted to disk.
  • Generated dbt and Evidence code committed to your repository is the only code Platinur writes there — Platinur never pushes to branches outside the configured staging/production pair.