Connecting GitHub

Public repos just work. Private repos need permission to clone, and you choose how to give it.

To deploy a public repo, paste its URL and go. Nothing to install. For a private repo, Dockhold needs permission to clone it. There are two ways to grant that, and both work on every paid plan. Pick whichever you prefer.

Option A: connect the GitHub app (recommended)

Install the Dockhold GitHub app and tick the repos you want to deploy. When Dockhold builds, it asks GitHub for a key that can read only those repos and expires about an hour later. There is no long-lived token sitting around for you to manage.

• You pick the repos. Dockhold never sees the rest.
• Read-only. Dockhold never pushes to your code or comments on it.
• No token to copy, rotate, or lose.
• Auto-deploy on push is set up for you.

To use it: open the New App page, choose Connect GitHub, approve the install, pick your repos, and deploy.

Option B: personal access token

Don't want to install an app on your account? Create a token on GitHub yourself and store it in your Vault as GITHUB_TOKEN. Dockhold uses it only to clone your repo at build time.

• Nothing extra installed on your GitHub account.
• You decide what the token can do and how long it lasts. A fine-grained token with read access to that one repo's contents is enough.
• Rotating and expiring it is up to you.
• You add the push webhook yourself. See How deploys work.