Automation tokens

Create scoped bearer tokens for CI, scripts, and unattended release runbooks.

Updated: Feb 1, 2026

Where to create tokens

Open Profile and create an automation token.

Use a clear label such as the consuming repo or workflow name.

Prefer repo scope unless one workflow intentionally spans multiple repos.

Token format

Automation tokens use the rmatk.<token-id>.<secret> format.

The secret is shown once, so store it immediately in your secret manager.

Do not commit tokens or store them in plaintext environment files.

Use in CI

Send the token as Authorization: Bearer rmatk.<token-id>.<secret>.

Use the automation prepare, status, and publish endpoints to run a release workflow.

ReleaseMind checks billing, repo scope, and usage before running gated operations.

Rotate and revoke

Revoke unused tokens from Profile.

Create a replacement token before rotating a production workflow.

Check last-used timestamps when investigating stale automations.

Review and introspect

Automation tokens should be narrow and easy to audit.

  • Is this token scoped to one repo?
  • Who owns rotation for the consuming workflow?
  • Can you revoke the token without interrupting unrelated releases?

Need more help?

Support

Email

Email [email protected] with your org, repo, and release tag for the fastest response.

Email support

Related articles

Release with si orbit releasemind

Authenticate, link a repo, generate notes, and publish a GitHub Release from SI.

Automation API runbook

Use prepare, status, and publish endpoints for unattended release workflows.

Was this article helpful?