circle-info
Read on newly released AI assisted Insights
flxbl docsarrow-up-right
search
Learn CD Concepts using LabsslackGitHub

ring-diamondIntegrations

Integrations allow you to securely store and manage credentials for external services like Jira and GitHub. These credentials are encrypted at rest using AES-256 and can be scoped to specific projects or made globally available.

hashtag
Key Concepts

hashtag
What is an Integration?

An integration is a secure credential store that connects sfp server to external services. For example:

  • Jira integration: Stores your Jira API credentials so sfp can fetch work items, link commits to issues, and track deployment status

  • GitHub integration: Stores GitHub tokens for repository access, PR comments, and status checks

hashtag
Global vs Project-Scoped Integrations

Scope
Use Case
Example

Global (isGlobal: true)

Single set of credentials shared across all projects

Company-wide Jira instance

Project-scoped (projects: [...])

Credentials specific to certain repositories

Per-repo GitHub App tokens

When to use global integrations:

  • You have one Jira instance for all projects

  • You want a fallback credential when no project-specific one exists

When to use project-scoped integrations:

  • Different teams use different Jira projects

  • You need separate GitHub tokens per repository

  • Security requires credential isolation between projects

hashtag
Authentication Types

Type
Provider
Use Case

pat

GitHub

Personal Access Token for API access

oauth

GitHub, Jira

OAuth flow for user-delegated access

app

GitHub

GitHub App installation token

basic_auth

Jira

Email + API token (recommended for Jira Cloud)

hashtag
API Reference

hashtag
Create Integration

Register a new integration with encrypted credentials.

Request Body:

Field
Type
Required
Description

provider

string

Yes

Service provider: github or jira

authType

string

Yes

Authentication type: pat, oauth, app, or basic_auth

credentials

object

Yes

Provider-specific credentials (see examples below)

isGlobal

boolean

No

Set true for global integration

projects

string[]

No

Project identifiers (required if not global)

config

object

No

Provider-specific configuration

Example: Global Jira Integration

Example: Project-Scoped GitHub Integration

hashtag
Get Credentials

Retrieve stored credentials for use in automation. All access is audited.

Query Parameters:

Parameter
Required
Description

provider

No

Filter by provider (github, jira)

project

No

Filter by project identifier

Example:

Response:

hashtag
Complete Workflow Example

Here's a typical setup workflow for a new team:

hashtag
1. Register Your Project

hashtag
2. Create a Global Jira Integration

Since most teams share a single Jira instance:

hashtag
3. Create Project-Scoped GitHub Integration

For repository-specific access:

hashtag
4. Use in Your Pipeline

Once configured, sfp commands automatically use the stored credentials:

hashtag
Security Considerations

  • Encryption: All credentials are encrypted at rest using AES-256 via Supabase pgcrypto

  • Audit Logging: Every credential access is logged with actor information

  • Least Privilege: Use project-scoped integrations when possible to limit blast radius

  • Token Rotation: Regularly rotate API tokens and update integrations accordingly

hashtag
Troubleshooting

hashtag
"Either isGlobal or projects must be specified"

You must specify either isGlobal: true OR provide a projects array. You cannot omit both.

hashtag
"Project 'xyz' not found"

The project identifier must match an existing registered project. List projects first:

hashtag
"No integration found for project=xyz"

Either no integration exists for that project, or the integration is not scoped to include it. Check if a global integration exists or create a project-scoped one.

Last updated