Skip to content
This repository has been archived by the owner on Aug 15, 2019. It is now read-only.
/ octo_keeper Public archive

Maintains some repo settings for a Github organization.

Notifications You must be signed in to change notification settings


Repository files navigation

Build Status Code Climate


This is a little command line tool which allows you to manage access to your Github organization's repositories.

We at use it to automatically set team permissions for all our repositories.


Install it with:

$ gem install octo_keeper


Create a new Github access token

Make sure your token has repo and admin:org permissions.

Set an environment variable with you Github access token:


Then you can fetch a list of your teams with the following command:

$ octo-keeper teams list --org ninech

Or you can apply permissions to all repositories for one team:

$ octo-keeper teams apply --org ninech 12345 pull

Github Webhook

Start the webhook server to receive Github organization webhooks:

$ export OCTOKEEPER_GITHUB_SECRET=super-secret
$ octo-keeper webhook start --config config.yml

Now you can enter the following webhook on (


Choose application/json as the content type.

In the above example you will have to add the secret super-secret. You can run the webhook server without a shared secret, but that is not recommended.


Octo-Keeper can be run in its own Docker container. You can link the configuration file into the container as a volume.

# build the image from this repository. Or skip this line if you want to pull it from the registry.
$ docker build . -t ninech/octo-keeper

$ docker run --name octo-keeper \
             -p 4567:4567 \
             -v $(pwd)/config.example.yml:/home/octo-keeper/config.yml \
             -e OCTOKEEPER_GITHUB_SECRET=super-secret \
             -e OCTOKEEPER_ACCESS_TOKEN=secret-token \


After checking out the repo, run bin/setup to install dependencies. Then, run rake spec to run the tests.

There is a sample event json to post to the webhook server.

$ bin/octo-keeper webhook start
# With HTTPie
$ http --json POST localhost:4567 < spec/fixtures/example-repository-create-event.json
# With Curl
$ curl -X POST http://localhost:4567/ -d @spec/fixtures/example-repository-create-event --header "Content-Type: application/json"

# Using a Github secret
$ export OCTOKEEPER_GITHUB_SECRET=super-secret
$ bin/octo-keeper webhook start
$ http --json POST localhost:4567 X-Hub-Signature:sha1=d1ee402dd2742b6646f564bffb5f5f7fe81742c3 < spec/fixtures/example-repository-create-event.json


Bug reports and pull requests are welcome on GitHub at


This tool is currently maintained and funded by nine.

logo of the company 'nine'


Maintains some repo settings for a Github organization.






No packages published