GitHub Action
Install and use the OnePAM CLI in GitHub Actions workflows for CI/CD automation.
Setup OnePAM Action
Use the official setup-onepam-action to install the OnePAM CLI in your GitHub Actions workflows. The action supports automatic authentication via API tokens.
```yaml
- uses: onepamcom/setup-onepam-action@v1
  with:
    version: latest
```
Quick Start
Basic Workflow
```yaml
name: Deploy with OnePAM
on:
  push:
    branches: [main]
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install OnePAM CLI
        uses: onepamcom/setup-onepam-action@v1
        with:
          token: ${{ secrets.ONEPAM_API_TOKEN }}
      - name: List resources
        run: onepam ls
      - name: Run remote command
        run: onepam ssh my-server -c "systemctl restart my-app"
```
Action Inputs
| Input | Required | Default | Description |
|---|---|---|---|
| version | No | latest | OnePAM CLI version to install |
| token | No | - | API token for automatic authentication |
Examples
```yaml
name: Database Migration
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        type: choice
        options: [staging, production]
jobs:
  migrate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: onepamcom/setup-onepam-action@v1
        with:
          token: ${{ secrets.ONEPAM_API_TOKEN }}
      - name: Run migration
        run: |
          onepam db connect ${{ inputs.environment }}-postgres \
            --query "$(cat migrations/latest.sql)"
```
```yaml
name: Rotate Secrets
on:
  schedule:
    - cron: '0 2 * * 1' # Weekly on Monday at 2 AM
jobs:
  rotate:
    runs-on: ubuntu-latest
    steps:
      - uses: onepamcom/setup-onepam-action@v1
        with:
          token: ${{ secrets.ONEPAM_API_TOKEN }}
      - name: Rotate database credentials
        run: |
          onepam secrets rotate --resource prod-postgres
          onepam secrets rotate --resource staging-postgres
```
```yaml
- uses: onepamcom/setup-onepam-action@v1
  with:
    version: "1.5.0"
    token: ${{ secrets.ONEPAM_API_TOKEN }}
```
Security Best Practices
- Store your API token in GitHub Secrets (Settings > Secrets and variables > Actions)
- Use environment-scoped secrets for production workflows
- Pin the action to a specific major version tag (@v1) for stability
- Create dedicated service accounts with minimum required permissions for CI/CD
- Review the action source code for full transparency
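
The environment-scoped secrets practice applied to the Database Migration workflow, as an added example that is not from the OnePAM documentation. It assumes GitHub environments named `staging` and `production` already exist, each with its own `ONEPAM_API_TOKEN` secret tied to a separate least-privilege service account; the `TARGET_ENV` variable name is also an assumption.

```yaml
# Added example. Assumed setup (not from the page): GitHub environments
# "staging" and "production", each defining its own ONEPAM_API_TOKEN secret.
name: Database Migration (environment-scoped token)
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Target environment'
        required: true
        type: choice
        options: [staging, production]
permissions:
  contents: read  # GITHUB_TOKEN only needs to read the repository for checkout
jobs:
  migrate:
    runs-on: ubuntu-latest
    # Binds the job to the selected environment: secrets.ONEPAM_API_TOKEN
    # resolves to that environment's secret, and any protection rules on the
    # environment (such as required reviewers) gate the job before it starts.
    environment: ${{ inputs.environment }}
    steps:
      - uses: actions/checkout@v4
      - uses: onepamcom/setup-onepam-action@v1
        with:
          token: ${{ secrets.ONEPAM_API_TOKEN }}
      - name: Run migration
        env:
          # Pass the input as an environment variable so the shell treats it
          # as data instead of having it expanded into the script text.
          TARGET_ENV: ${{ inputs.environment }}
        run: |
          onepam db connect "${TARGET_ENV}-postgres" \
            --query "$(cat migrations/latest.sql)"
```

With this layout a staging run never has access to the production token, because the secret is only released to jobs that declare the matching environment.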