Configure VCS Access
VCS access lets the DevOps Genie Agent create branches and pull requests in your infrastructure, deployment, or application repositories.
When VCS access is required
| Capability | VCS required? | Repository setting |
|---|---|---|
| Terraform Code Generation | Yes | vcs.infrastructureRepoUrl |
| Kubernetes Application Deployment | Yes | vcs.deploymentRepoUrl |
| CI/CD Pipeline Generation | Yes | vcs.infrastructureRepoUrl or vcs.deploymentRepoUrl |
| Cost Optimization | Optional for analysis, required for PR-based changes | Usually infrastructure repository |
URL vs path
| Field | Meaning | Example |
|---|---|---|
vcs.infrastructureRepoUrl | HTTPS clone URL for your infrastructure repository. | https://github.com/example-org/infrastructure.git |
vcs.infrastructureRepoPath | Optional subdirectory inside that repository. | terraform/ |
vcs.deploymentRepoUrl | HTTPS clone URL for your Kubernetes or deployment manifests repository. | https://github.com/example-org/kubernetes-manifests.git |
vcs.deploymentRepoPath | Optional subdirectory inside that repository. | clusters/prod/ |
Token-based example
Store tokens in a Kubernetes Secret or external secret manager whenever possible.
For a quick setup, you can pass vcs.token in a private values file that is not committed:
vcs:
provider: github
token: "<vcs-token-from-your-secret-manager>"
infrastructureRepoUrl: "https://github.com/example-org/infrastructure.git"
infrastructureRepoPath: "terraform/"
deploymentRepoUrl: "https://github.com/example-org/kubernetes-manifests.git"
deploymentRepoPath: "clusters/prod/"
For production, prefer the chart's Secret-based options. One common pattern is to create a Kubernetes Secret for agent pod environment values and reference it with agentPod.existingSecret:
kubectl create secret generic dg-agent-vcs \
--namespace "$DG_NAMESPACE" \
--from-literal=VCS_TOKEN="<vcs-token-from-your-secret-manager>" \
--dry-run=client -o yaml | kubectl apply -f -
agentPod:
existingSecret: dg-agent-vcs
vcs:
provider: github
infrastructureRepoUrl: "https://github.com/example-org/infrastructure.git"
infrastructureRepoPath: "terraform/"
deploymentRepoUrl: "https://github.com/example-org/kubernetes-manifests.git"
deploymentRepoPath: "clusters/prod/"
GitHub App option
If your organization prefers GitHub App authentication, configure the GitHub App fields supported by the chart instead of a long-lived personal access token. The agent uses the app credentials inside your Kubernetes environment to generate short-lived installation tokens.
Required values:
| Value | Meaning |
|---|---|
vcs.githubApp.id | Numeric GitHub App ID. |
vcs.githubApp.installationId | Numeric installation ID for the organization or account where the app is installed. |
vcs.githubApp.privateKey | PEM private key generated from the GitHub App settings. |
For a full customer setup walkthrough, see Create a GitHub App for DevOps Genie.
Capability readiness
The agent reports capabilities based on the VCS configuration available to it. If a repository URL or VCS credential is missing, the related capability may show as Partial or Not set up in Integrations > Capabilities.