Comment on page
Deploy Your Grant Kit
Once you have a Grant Kit configured and a repo connected, you can deploy your Grant Kit. You would typically do this through your CI.
If you created a Grant Kit using one of the official Starter Kits, you'll already have GitHub Actions configured for you. You can use these or provide your own. Additionally, they use Terraform State hosted by Abbey, but it's recommended you point your state backends to your own, that way reducing security risk on your end from having state external to your infrastructure.
To create a new API Token, go to the API Tokens tab in Settings and click on the + New API Token. From there, you can enter the name of the API Token and click Create to create your new key.

Find your API Token by going to the Settings > API Tokens from your side navigation in the Abbey App.
The API Token must be named ABBEY_TOKEN
If you cloned the Starter Kit to your Personal GitHub Account, you'll need to make sure your repository has the right permissions for GitHub Actions.
You can do this by going to your GitHub Repository's Settings -> Actions -> General -> Workflow permissions -> Click the "Read and write permissions" radio button -> Save.
⚙
▶
You'll want to commit these changes to your default branch in GitHub. For most users, that will be the
main
branch.To deploy, push to your default branch:
git push origin main
The deploy registers your resources with Abbey and effectively says "Hey Abbey, from this point forward, please manage permissions for these resources for me."
You can optionally deploy from your local machine without going through CI. To do this, you'll need to have Terraform installed. Once installed, you'll need to:
Initialize your Terraform configuration:
cd $PATH_TO_YOUR_CLONED_REPO
terraform init
(Optional) Plan your Terraform configuration:
You can optionally run
terraform plan
to get a sense of what changes would be made.terraform plan -var-file=dev.tfvars
Before you deploy, make sure you push any changes to your repository. That way, Abbey has the latest changes when generating your Terraform output.
Deploy your Terraform configuration:
ABBEY_TOKEN=<your API token> TF_HTTP_USERNAME=<http backend username> TF_HTTP_PASSWORD=<abbey token> terraform apply -var-file=dev.tfvars
To use the same state backend as your CI/CD, your
TF_HTTP_USERNAME
can be found in your .github/workflows/abbey-grant-kit-materialize.yaml
file. Your TF_HTTP_PASSWORD
will be the same value as your ABBEY_TOKEN
.At this point, you should see your deployed grant kit under app.abbey.io/resources. If it's not showing up, it likely has a configuration issue causing the deployment to fail.
Go to your CI (or wherever you deploy Terraform) to check for any failed runs during the Terraform plan or apply steps.
If you're following the quickstart, this will be in your GitHub repo under the Actions tab i.e.
https://github.com/{username|org-name}/{repo-name}/actions
. Find the corresponding action run to the commit where you added the grant kit and see if it ran successfully. If it failed, open the run to see the failure exception.A common deployment failure for grant kits is a misconfigured
location
field in the output
block or bundle
field in the policies
block- Double check it starts with
github://
- Double check repository and username or org name is correct
- Double check for any extra
:
or/
's