Installation Token - CI/CD Glossary Definition
An installation token is a short-lived credential a GitHub App uses to act within the repositories where it is installed.
An installation access token is a token a GitHub App mints for a specific installation. It is short-lived (expires in about an hour) and scoped to the App's granted permissions and installed repositories, so it is far safer than a static PAT.
How Apps get one
The App signs a JWT with its private key, calls the installations API, and receives an installation token. CI actions like actions/create-github-app-token automate this to avoid storing user PATs.
Related guides
Ephemeral Credential - CI/CD Glossary DefinitionEphemeral Credential: An ephemeral credential is a token or key issued just-in-time for one CI run and expiri…
Machine User - CI/CD Glossary DefinitionMachine User: A machine user is a GitHub account created to represent automation, holding tokens and permissi…
Token Expiry - CI/CD Glossary DefinitionToken Expiry: Token expiry is the lifetime after which a token is rejected. Short expiries limit the window a…