Skip to content

Buildkite Permissions Reference

This page defines the API scopes and permissions required for the Buildkite–SailPoint Entro integration.

Required API Permissions

The Buildkite API Access Token used for the integration must have read-only permissions for all relevant resources.

Scope Permission Type Description
Builds Read Retrieve build and job metadata
Pipelines Read Access pipeline definitions and configurations
Organizations Read Verify organization-level details and tokens
Agents Read Inspect build agent and environment metadata

Access Summary

  • Integration uses a Personal Access Token (PAT) for API authentication.

  • Access is limited to read-only API calls.

  • No modifications or deletions are performed.

  • Tokens are stored in encrypted form (AES-256).

  • Communications occur via TLS 1.2+.

Note

SailPoint Entro adheres to least-privilege access: the integration only requests the minimum required read-only scopes.

Compliance & Security Notes

  • SailPoint Entro never retrieves or stores build secrets or logs.

  • All operations comply with SOC 2 Type II, ISO 27001, and GDPR standards.

  • Integration strictly adheres to least-privilege access principles.