Buildkite Permissions Reference
This page defines the API scopes and permissions required for the Buildkite–SailPoint Entro integration.
Required API Permissions
The Buildkite API Access Token used for the integration must have read-only permissions for all relevant resources.
| Scope | Permission Type | Description |
|---|---|---|
| Builds | Read | Retrieve build and job metadata |
| Pipelines | Read | Access pipeline definitions and configurations |
| Organizations | Read | Verify organization-level details and tokens |
| Agents | Read | Inspect build agent and environment metadata |
Access Summary
-
Integration uses a Personal Access Token (PAT) for API authentication.
-
Access is limited to read-only API calls.
-
No modifications or deletions are performed.
-
Tokens are stored in encrypted form (AES-256).
-
Communications occur via TLS 1.2+.
Note
SailPoint Entro adheres to least-privilege access: the integration only requests the minimum required read-only scopes.
Compliance & Security Notes
-
SailPoint Entro never retrieves or stores build secrets or logs.
-
All operations comply with SOC 2 Type II, ISO 27001, and GDPR standards.
-
Integration strictly adheres to least-privilege access principles.