Skip to main content
Skip to main content

Authentication

b supports authentication tokens for accessing private repositories and increasing API rate limits. Tokens are read from environment variables.

Provider Tokens

ProviderEnvironment VariableHeader Format
GitHubGITHUB_TOKENAuthorization: Bearer <token>
GitLabGITLAB_TOKENPRIVATE-TOKEN: <token>
Gitea / CodebergGITEA_TOKENAuthorization: token <token>

Usage

Export the appropriate variable before running b:

export GITHUB_TOKEN="ghp_..."
b install owner/private-repo

GitHub

A GitHub token increases the API rate limit from 60 to 5,000 requests per hour and allows access to private repositories.

export GITHUB_TOKEN="ghp_..."

Without a token, b will show a warning when rate-limited:

GitHub API rate limited (set GITHUB_TOKEN for higher limits)

GitLab

A GitLab token is required for private repositories on gitlab.com or self-hosted instances.

export GITLAB_TOKEN="glpat-..."

Gitea / Codeberg

A Gitea token is required for private repositories on Gitea or Forgejo instances like Codeberg.

export GITEA_TOKEN="..."

OCI Registry Authentication

For oci:// refs, b pulls images daemonlessly but reuses your local docker credentials. It reads ~/.docker/config.json (or the location pointed to by DOCKER_CONFIG) and uses whichever helper is configured there. In other words, if docker login ghcr.io works, b install oci://ghcr.io/... works too.

# Log in once; b picks it up automatically
docker login ghcr.io
b install oci://ghcr.io/org/private-img

No b-specific environment variable is needed for OCI auth.

SSH Authentication

For private repos, you can also use SSH keys instead of tokens. SSH authentication uses your system's ssh-agent and works for both binaries and env sync:

envs:
  git@github.com:org/private-infra:
    files:
      manifests/**:
        dest: manifests/
# Ensure your SSH key is loaded
ssh-add -l

# If not, add it
ssh-add ~/.ssh/id_ed25519

# Then install/update as normal
b update

SSH is often simpler than tokens for local development — no environment variables needed if your key is already in ssh-agent.

CI/CD

In CI/CD pipelines, use secrets or environment variables provided by your CI system:

# GitHub Actions
steps:
  - name: Install tools
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    run: b install

# GitLab CI
install_tools:
  script:
    - b install
  variables:
    GITLAB_TOKEN: $GITLAB_API_TOKEN
Was this section helpful?
© 2026 Jan Guth (@fentas). All rights reserved.