Service connections (tokens)

Under tokens, you can configure service connections that will be used in the repository's CI/CD processes.

Service connections allow you to securely integrate your SourceCraft projects with the Yandex Cloud resources.

With service connections, you can get access to the Yandex Cloud API from inside of your SourceCraft repository's CI/CD workflows. For example, you can request a secret from Yandex Lockbox, upload files to a Yandex Object Storage bucket, deploy a virtual machine in Yandex Compute Cloud, etc.

You do not have to keep any long-lived tokens or access keys in repository secrets, let alone your code. You get authenticated in Yandex Cloud via a short-lived Yandex Identity and Access Management IAM token which is requested within each individual CI/CD task.

tokens section structure:

tokens:
  # Token name (can be any).
  <token_name>:
    # Name of the service connection you created earlier.
    service_connection: <service_connection_name>
    # Requested access scope:
    # org: All repositories
    # repo: Specific repository
    # ref: Branch or tag
    scope: repo

See also

• Service connections SourceCraft
• Configuring a service connection to Yandex Cloud in SourceCraft