Comment on page

Deploy Your Grant Kit

Once you have a Grant Kit configured and a repo connected, you can deploy your Grant Kit. You would typically do this through your CI.
If you created a Grant Kit using one of the official Starter Kits, you'll already have GitHub Actions configured for you. You can use these or provide your own. Additionally, they use Terraform State hosted by Abbey, but it's recommended you point your state backends to your own, that way reducing security risk on your end from having state external to your infrastructure.

Step 1: Create Your ABBEY_TOKEN

To create a new API Token, go to the API Tokens tab in Settings and click on the + New API Token. From there, you can enter the name of the API Token and click Create to create your new key.

Step 2: Add Your ABBEY_TOKEN

Find your API Token by going to the Settings > API Tokens from your side navigation in the Abbey App.
Add this API Token as to your GitHub Repository Secret as ABBEY_TOKEN.
The API Token must be named ABBEY_TOKEN
What should it look like?
If you cloned the Starter Kit to your Personal GitHub Account, you'll need to make sure your repository has the right permissions for GitHub Actions.
You can do this by going to your GitHub Repository's
Settings ->
Actions -> General -> Workflow permissions -> Click the "Read and write permissions" radio button -> Save.

Step 3: Deploy Your Starter Kit

You'll want to commit these changes to your default branch in GitHub. For most users, that will be the main branch.
To deploy, push to your default branch:
git push origin main
The deploy registers your resources with Abbey and effectively says "Hey Abbey, from this point forward, please manage permissions for these resources for me."
(Optional) Deploy without using CI
You can optionally deploy from your local machine without going through CI. To do this, you'll need to have Terraform installed. Once installed, you'll need to:
Initialize your Terraform configuration:
terraform init
(Optional) Plan your Terraform configuration:
You can optionally run terraform plan to get a sense of what changes would be made.
terraform plan -var-file=dev.tfvars
Before you deploy, make sure you push any changes to your repository. That way, Abbey has the latest changes when generating your Terraform output.
Deploy your Terraform configuration:
ABBEY_TOKEN=<your API token> TF_HTTP_USERNAME=<http backend username> TF_HTTP_PASSWORD=<abbey token> terraform apply -var-file=dev.tfvars
To use the same state backend as your CI/CD, your TF_HTTP_USERNAME can be found in your .github/workflows/abbey-grant-kit-materialize.yaml file. Your TF_HTTP_PASSWORD will be the same value as your ABBEY_TOKEN.
At this point, you should see your deployed grant kit under If it's not showing up, it likely has a configuration issue causing the deployment to fail.
Go to your CI (or wherever you deploy Terraform) to check for any failed runs during the Terraform plan or apply steps.
If you're following the quickstart, this will be in your GitHub repo under the Actions tab i.e.{username|org-name}/{repo-name}/actions. Find the corresponding action run to the commit where you added the grant kit and see if it ran successfully. If it failed, open the run to see the failure exception.
A common deployment failure for grant kits is a misconfigured location field in the output block or bundle field in the policies block
  • Double check it starts with github://
  • Double check repository and username or org name is correct
  • Double check for any extra : or /'s