1. Resources
  2. /
  3. Plugins
  4. /
  5. chinmina-git-credentials-buildkite-plugin

chinmina-git-credentials-buildkite-plugin

Combines a Git credential helper with a chinmina-bridge helper agent to allow Buildkite agents securely authorize Github repository access.

The plugin contains a Git credential helper, enabled for the current step via an environment hook.

The credential helper calls chinmina-bridge when credentials for a GitHub repository are requested, supplying the result to Git in its expected format.

[!IMPORTANT] Refer to the Chinmina documentation for detailed information about configuring and using this plugin effectively.

While this plugin can be used as a regular Buildkite plugin, it must be enabled on every step. This includes any steps configured in the pipeline configuration. This is difficult to implement and maintain; hence the strategy suggested.

Example

Add the following to your pipeline.yml:

steps:
  - command: ls
    plugins:
      - chinmina/chinmina-git-credentials#v1.1.0:
          chinmina-url: "https://chinmina-bridge-url"
          audience: "chinmina:your-github-organization"
          profiles: 
            - repo:default
            - org:buildkite-plugins

Configuration

chinmina-url (Required, string)

The URL of the chinmina-bridge helper agent that vends a token for a pipeline. This is a separate HTTP service that must accessible to your Buildkite agents.

audience (string)

Default: chinmina:default

The value of the aud claim of the OIDC JWT that will be sent to chinmina-bridge. This must correlate with the value configured in the chinmina-bridge settings.

A recommendation: chinmina:your-github-organization. This is specific to the purpose of the token, and also scoped to the GitHub organization that tokens will be vended for. chinmina-bridge’s GitHub app is configured for a particular GitHub organization/user, so if you have multiple organizations, multiple agents will need to be running.

profiles (array)

Default: [repo:default]

An array of profile names to use when requesting a token from chinmina-bridge. Organization profiles are stored outside of chinmina-bridge, and must be set up in your deployment explicitly. For more information, see the Chinmina documentation.

Developing

Run tests and plugin linting locally using docker compose:

# Buildkite plugin linter
docker-compose run --rm lint

# Bash tests
docker-compose run --rm tests

Contributing

Contributions are welcome! Raise a PR, and include tests with your changes.

  1. Fork the repo
  2. Make the changes
  3. Run the tests and linter
  4. Commit and push your changes
  5. Send a pull request

Recommended plugins

GitHub Merged Pull Request

Checks out the GitHub PR merge ref rather than the branch HEAD.

seek-oss seek-oss

Git Commit

A Buildkite plugin to commit and push the results of a command to a git repository.

thedyrt thedyrt

Smooth Checkout

All the things you need during a Buildkite checkout.

hasura hasura

The plugins listed on this webpage are provided for informational purposes only. They have not undergone any formal security review or assessment. While we strive to provide useful resources, we cannot guarantee the safety, reliability, or integrity of these plugins. Users are strongly advised to conduct their own security evaluations before downloading, installing, or using any plugin. By using these plugins, you acknowledge and accept any risks associated with their use. We disclaim any liability for any harm or damages arising from the use of the plugins listed.

Start turning complexity into an advantage

Create an account to get started with a 30-day free trial. No credit card required.

Get started View pricing
Buildkite Pipelines

Platform

  1. Pipelines
  2. Pipeline templates
  3. Public pipelines
  4. Test Engine
  5. Package Registries
  6. Mobile Delivery Cloud
  7. Pricing

Hosting options

  1. Self-hosted agents
  2. Mac hosted agents
  3. Linux hosted agents

Resources

  1. Docs
  2. Blog
  3. Changelog
  4. Webinars
  5. Plugins
  6. Case studies
  7. Events
  8. Migration Services
  9. Comparisons

Company

  1. About
  2. Careers
  3. Press
  4. Brand assets
  5. Contact

Solutions

  1. Replace Jenkins
  2. Workflows for AI/ML
  3. Testing at scale
  4. Monorepo mojo
  5. Bazel orchestration

Legal

  1. Terms of Service
  2. Acceptable Use Policy
  3. Privacy Policy
  4. Subprocessors
  5. Service Level Agreement

Support

  1. System status
  2. Forum
© Buildkite Pty Ltd 2025