🔥 3-day streak
Microsoft DevOps Engineer Expert121 / 138
Question 121 of 138

Your team runs a shared GitHub Actions automation bot that opens pull requests, adds comments, and updates status checks across 40 repositories in your organization. Currently the bot authenticates with a personal access token (PAT) belonging to a departing engineer. Security requires that the replacement authentication method: not be tied to any individual user, support fine-grained per-repository permissions, and automatically issue short-lived tokens that expire. Which authentication approach should you adopt?

Reviewed for accuracy · Report an issueNext question