Authentication

To use driftctl, we need credentials to make authenticated requests to GitHub. Just like the terraform provider, we retrieve config from environment variables.

$ GITHUB_TOKEN=14758f1afd44c09b7992073ccf00b43d\
  GITHUB_ORGANIZATION=my-org\
  driftctl scan --to github+tf

Least privileged policy

Below you can find the minimal scope required for driftctl to be able to scan every GitHub supported resources.

# Required to enumerate private repos
repo

# Required to list your organization teams
# and other organization related resources
read:org

repository permissions

Beware that if you don't set permission repo for your token, you won't see any errors for repositories listing. Thus, all private repositories will appear as deleted from remote.