feat(config): read config/defaults with authentication (#2975)

* feat(config):read config/defaults with authentication This change allows to use defaults and config files from a protected GitHub repository. The options `--customConfig` and `--defaultConfig` already allowed to provide a link to an uprotected file. Now, by passing a value in the form `<hostname>:<token>` to parameter `gitHubTokens` (this parameter can be passed multiple times) a token can be provided for dedicated hosts. This makes it possible to use a link like `https://api.github.com/repos/SAP/jenkins-library/contents/resources/my-defaults.yml?ref=master` as reference to a default file or similarly as reference to a configuration file. * update generation to allow protected config/defaults * fix CodeClimate issues * update missing generations
2025-07-17 01:42:43 +02:00 · 2021-07-08 15:26:07 +02:00
parent 72a4ef16ab
commit 805a8fd88f
87 changed files with 267 additions and 17 deletions
--- a/cmd/abapAddonAssemblyKitCheckCVs_generated.go
+++ b/cmd/abapAddonAssemblyKitCheckCVs_generated.go
@ -74,6 +74,8 @@ For Terminology refer to the [Scenario Description](https://www.project-piper.io
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapAddonAssemblyKitCheckPV_generated.go
+++ b/cmd/abapAddonAssemblyKitCheckPV_generated.go
@ -74,6 +74,8 @@ For Terminology refer to the [Scenario Description](https://www.project-piper.io
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapAddonAssemblyKitCreateTargetVector_generated.go
+++ b/cmd/abapAddonAssemblyKitCreateTargetVector_generated.go
@ -74,6 +74,8 @@ For Terminology refer to the [Scenario Description](https://www.project-piper.io
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapAddonAssemblyKitPublishTargetVector_generated.go
+++ b/cmd/abapAddonAssemblyKitPublishTargetVector_generated.go
@ -43,6 +43,8 @@ For Terminology refer to the [Scenario Description](https://www.project-piper.io
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapAddonAssemblyKitRegisterPackages_generated.go
+++ b/cmd/abapAddonAssemblyKitRegisterPackages_generated.go
@ -75,6 +75,8 @@ For Terminology refer to the [Scenario Description](https://www.project-piper.io
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapAddonAssemblyKitReleasePackages_generated.go
+++ b/cmd/abapAddonAssemblyKitReleasePackages_generated.go
@ -73,6 +73,8 @@ For Terminology refer to the [Scenario Description](https://www.project-piper.io
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapAddonAssemblyKitReserveNextPackages_generated.go
+++ b/cmd/abapAddonAssemblyKitReserveNextPackages_generated.go
@ -77,6 +77,8 @@ For Terminology refer to the [Scenario Description](https://www.project-piper.io
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapEnvironmentAssembleConfirm_generated.go
+++ b/cmd/abapEnvironmentAssembleConfirm_generated.go
@ -76,6 +76,8 @@ func AbapEnvironmentAssembleConfirmCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapEnvironmentAssemblePackages_generated.go
+++ b/cmd/abapEnvironmentAssemblePackages_generated.go
@ -78,6 +78,8 @@ Platform ABAP Environment system and saves the corresponding [SAR archive](https
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapEnvironmentCheckoutBranch_generated.go
+++ b/cmd/abapEnvironmentCheckoutBranch_generated.go
@ -51,6 +51,8 @@ Please provide either of the following options:
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapEnvironmentCloneGitRepo_generated.go
+++ b/cmd/abapEnvironmentCloneGitRepo_generated.go
@ -51,6 +51,8 @@ Please provide either of the following options:
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapEnvironmentCreateSystem_generated.go
+++ b/cmd/abapEnvironmentCreateSystem_generated.go
@ -52,6 +52,8 @@ func AbapEnvironmentCreateSystemCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapEnvironmentPullGitRepo_generated.go
+++ b/cmd/abapEnvironmentPullGitRepo_generated.go
@ -51,6 +51,8 @@ Please provide either of the following options:
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/abapEnvironmentRunATCCheck_generated.go
+++ b/cmd/abapEnvironmentRunATCCheck_generated.go
@ -53,6 +53,8 @@ Regardless of the option you chose, please make sure to provide the configuratio
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/artifactPrepareVersion_generated.go
+++ b/cmd/artifactPrepareVersion_generated.go
@ -161,6 +161,8 @@ Define ` + "`" + `buildTool: custom` + "`" + `, ` + "`" + `filePath: <path to yo
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/batsExecuteTests_generated.go
+++ b/cmd/batsExecuteTests_generated.go
@ -76,6 +76,8 @@ func BatsExecuteTestsCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/checkChangeInDevelopment_generated.go
+++ b/cmd/checkChangeInDevelopment_generated.go
@ -41,6 +41,8 @@ func CheckChangeInDevelopmentCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/checkmarxExecuteScan_generated.go
+++ b/cmd/checkmarxExecuteScan_generated.go
@ -198,6 +198,8 @@ thresholds instead of ` + "`" + `percentage` + "`" + ` whereas we strongly recom
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/cloudFoundryCreateServiceKey_generated.go
+++ b/cmd/cloudFoundryCreateServiceKey_generated.go
@ -43,6 +43,8 @@ func CloudFoundryCreateServiceKeyCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/cloudFoundryCreateService_generated.go
+++ b/cmd/cloudFoundryCreateService_generated.go
@ -55,6 +55,8 @@ Please provide either of the following options:
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/cloudFoundryCreateSpace_generated.go
+++ b/cmd/cloudFoundryCreateSpace_generated.go
@ -42,6 +42,8 @@ Mandatory:
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/cloudFoundryDeleteService_generated.go
+++ b/cmd/cloudFoundryDeleteService_generated.go
@ -42,6 +42,8 @@ func CloudFoundryDeleteServiceCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/cloudFoundryDeleteSpace_generated.go
+++ b/cmd/cloudFoundryDeleteSpace_generated.go
@ -42,6 +42,8 @@ Mandatory:
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/cloudFoundryDeploy_generated.go
+++ b/cmd/cloudFoundryDeploy_generated.go
@ -114,6 +114,8 @@ func CloudFoundryDeployCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/containerExecuteStructureTests_generated.go
+++ b/cmd/containerExecuteStructureTests_generated.go
@ -44,6 +44,8 @@ func ContainerExecuteStructureTestsCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/containerSaveImage_generated.go
+++ b/cmd/containerSaveImage_generated.go
@ -41,6 +41,8 @@ It can be used no matter if a Docker daemon is available or not. It will also wo
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/detectExecuteScan_generated.go
+++ b/cmd/detectExecuteScan_generated.go
@ -61,6 +61,8 @@ Please configure your BlackDuck server Url using the serverUrl parameter and the
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/fortifyExecuteScan_generated.go
+++ b/cmd/fortifyExecuteScan_generated.go
@ -162,6 +162,8 @@ and Java plus Maven or alternatively Python installed into it for being able to
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/gaugeExecuteTests_generated.go
+++ b/cmd/gaugeExecuteTests_generated.go
@ -85,6 +85,8 @@ You can use the [sample projects](https://github.com/getgauge/gauge-mvn-archetyp
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/gctsCloneRepository_generated.go
+++ b/cmd/gctsCloneRepository_generated.go
@ -40,6 +40,8 @@ func GctsCloneRepositoryCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/gctsCreateRepository_generated.go
+++ b/cmd/gctsCreateRepository_generated.go
@ -44,6 +44,8 @@ func GctsCreateRepositoryCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/gctsDeploy_generated.go
+++ b/cmd/gctsDeploy_generated.go
@ -50,6 +50,8 @@ repository and then deploys it into the ABAP system.`,
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/gctsExecuteABAPUnitTests_generated.go
+++ b/cmd/gctsExecuteABAPUnitTests_generated.go
@ -40,6 +40,8 @@ func GctsExecuteABAPUnitTestsCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/gctsRollback_generated.go
+++ b/cmd/gctsRollback_generated.go
@ -44,6 +44,8 @@ gctsRollback will rollback to the previously active commit in the local reposito
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/getConfig.go
+++ b/cmd/getConfig.go
@ -21,7 +21,7 @@ type configCommandOptions struct {
 	stepMetadata   string //metadata to be considered, can be filePath or ENV containing JSON in format 'ENV:MY_ENV_VAR'
 	stepName       string
 	contextConfig  bool
-	openFile       func(s string) (io.ReadCloser, error)
+	openFile       func(s string, t map[string]string) (io.ReadCloser, error)
 }

 var configOptions configCommandOptions
@ -38,6 +38,7 @@ func ConfigCommand() *cobra.Command {
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
 			initStageName(false)
+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
 		},
 		Run: func(cmd *cobra.Command, _ []string) {
 			err := generateConfig()
@ -72,7 +73,7 @@ func generateConfig() error {

 	projectConfigFile := getProjectConfigFile(GeneralConfig.CustomConfig)

-	customConfig, err := configOptions.openFile(projectConfigFile)
+	customConfig, err := configOptions.openFile(projectConfigFile, GeneralConfig.GitHubAccessTokens)
 	if err != nil {
 		if !os.IsNotExist(err) {
 			return errors.Wrapf(err, "config: open configuration file '%v' failed", projectConfigFile)
@ -86,7 +87,7 @@ func generateConfig() error {
 	}

 	for _, f := range GeneralConfig.DefaultConfig {
-		fc, err := configOptions.openFile(f)
+		fc, err := configOptions.openFile(f, GeneralConfig.GitHubAccessTokens)
 		// only create error for non-default values
 		if err != nil && f != ".pipeline/defaults.yaml" {
 			return errors.Wrapf(err, "config: getting defaults failed: '%v'", f)
@ -193,7 +194,7 @@ func prepareOutputEnvironment(outputResources []config.StepResources, envRootPat
 func resolveMetadata() (config.StepData, error) {
 	var metadata config.StepData
 	if configOptions.stepMetadata != "" {
-		metadataFile, err := configOptions.openFile(configOptions.stepMetadata)
+		metadataFile, err := configOptions.openFile(configOptions.stepMetadata, GeneralConfig.GitHubAccessTokens)
 		if err != nil {
 			return metadata, errors.Wrap(err, "open failed")
 		}
--- a/cmd/getConfig_test.go
+++ b/cmd/getConfig_test.go
@ -16,7 +16,7 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func configOpenFileMock(name string) (io.ReadCloser, error) {
+func configOpenFileMock(name string, tokens map[string]string) (io.ReadCloser, error) {
 	var r string
 	switch name {
 	case "TestAddCustomDefaults_default1":
--- a/cmd/githubCheckBranchProtection_generated.go
+++ b/cmd/githubCheckBranchProtection_generated.go
@ -45,6 +45,8 @@ It can for example be used to verify if certain status checks are mandatory. Thi
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/githubCommentIssue_generated.go
+++ b/cmd/githubCommentIssue_generated.go
@ -44,6 +44,8 @@ This comes in very handy when you want to make developers aware of certain thing
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/githubCreateIssue_generated.go
+++ b/cmd/githubCreateIssue_generated.go
@ -44,6 +44,8 @@ You will be able to use this step for example for regular jobs to report into yo
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/githubCreatePullRequest_generated.go
+++ b/cmd/githubCreatePullRequest_generated.go
@ -48,6 +48,8 @@ It can for example be used for GitOps scenarios or for scenarios where you want
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/githubPublishRelease_generated.go
+++ b/cmd/githubPublishRelease_generated.go
@ -59,6 +59,8 @@ The result looks like
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/githubSetCommitStatus_generated.go
+++ b/cmd/githubSetCommitStatus_generated.go
@ -53,6 +53,8 @@ It can for example be used to create additional check indicators for a pull requ
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/gitopsUpdateDeployment_generated.go
+++ b/cmd/gitopsUpdateDeployment_generated.go
@ -54,6 +54,8 @@ For helm the whole template is generated into a file and uploaded into the repos
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/hadolintExecute_generated.go
+++ b/cmd/hadolintExecute_generated.go
@ -42,6 +42,8 @@ The linter is parsing the Dockerfile into an abstract syntax tree (AST) and perf
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/influxWriteData_generated.go
+++ b/cmd/influxWriteData_generated.go
@ -41,6 +41,8 @@ func InfluxWriteDataCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/integrationArtifactDeploy_generated.go
+++ b/cmd/integrationArtifactDeploy_generated.go
@ -38,6 +38,8 @@ func IntegrationArtifactDeployCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/integrationArtifactDownload_generated.go
+++ b/cmd/integrationArtifactDownload_generated.go
@ -39,6 +39,8 @@ func IntegrationArtifactDownloadCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/integrationArtifactGetMplStatus_generated.go
+++ b/cmd/integrationArtifactGetMplStatus_generated.go
@ -68,6 +68,8 @@ func IntegrationArtifactGetMplStatusCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/integrationArtifactGetServiceEndpoint_generated.go
+++ b/cmd/integrationArtifactGetServiceEndpoint_generated.go
@ -68,6 +68,8 @@ func IntegrationArtifactGetServiceEndpointCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/integrationArtifactTriggerIntegrationTest_generated.go
+++ b/cmd/integrationArtifactTriggerIntegrationTest_generated.go
@ -40,6 +40,8 @@ func IntegrationArtifactTriggerIntegrationTestCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/integrationArtifactUpdateConfiguration_generated.go
+++ b/cmd/integrationArtifactUpdateConfiguration_generated.go
@ -40,6 +40,8 @@ func IntegrationArtifactUpdateConfigurationCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/integrationArtifactUpload_generated.go
+++ b/cmd/integrationArtifactUpload_generated.go
@ -41,6 +41,8 @@ func IntegrationArtifactUploadCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/jsonApplyPatch_generated.go
+++ b/cmd/jsonApplyPatch_generated.go
@ -39,6 +39,8 @@ This step can, e.g., be used if there is a json schema which needs to be patched
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/kanikoExecute_generated.go
+++ b/cmd/kanikoExecute_generated.go
@ -78,6 +78,8 @@ func KanikoExecuteCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/karmaExecuteTests_generated.go
+++ b/cmd/karmaExecuteTests_generated.go
@ -48,6 +48,8 @@ In the Docker network, the containers can be referenced by the values provided i
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/kubernetesDeploy_generated.go
+++ b/cmd/kubernetesDeploy_generated.go
@ -75,6 +75,8 @@ helm upgrade <deploymentName> <chartPath> --install --force --namespace <namespa
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/malwareExecuteScan_generated.go
+++ b/cmd/malwareExecuteScan_generated.go
@ -40,6 +40,8 @@ func MalwareExecuteScanCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/mavenBuild_generated.go
+++ b/cmd/mavenBuild_generated.go
@ -52,6 +52,8 @@ supports ci friendly versioning by flattening the pom before installing.`,
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/mavenExecuteIntegration_generated.go
+++ b/cmd/mavenExecuteIntegration_generated.go
@ -44,6 +44,8 @@ the integration tests via the Jacoco Maven-plugin.`,
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/mavenExecuteStaticCodeChecks_generated.go
+++ b/cmd/mavenExecuteStaticCodeChecks_generated.go
@ -55,6 +55,8 @@ For PMD the failure priority and the max allowed violations are configurable via
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/mavenExecute_generated.go
+++ b/cmd/mavenExecute_generated.go
@ -44,6 +44,8 @@ func MavenExecuteCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/mtaBuild_generated.go
+++ b/cmd/mtaBuild_generated.go
@ -75,6 +75,8 @@ func MtaBuildCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/newmanExecute_generated.go
+++ b/cmd/newmanExecute_generated.go
@ -79,6 +79,8 @@ func NewmanExecuteCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/nexusUpload_generated.go
+++ b/cmd/nexusUpload_generated.go
@ -65,6 +65,8 @@ If an image for mavenExecute is configured, and npm packages are to be published
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/npmExecuteLint_generated.go
+++ b/cmd/npmExecuteLint_generated.go
@ -38,6 +38,8 @@ either use ESLint configurations present in the project or use the provided gene
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/npmExecuteScripts_generated.go
+++ b/cmd/npmExecuteScripts_generated.go
@ -43,6 +43,8 @@ func NpmExecuteScriptsCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/pipelineCreateScanSummary_generated.go
+++ b/cmd/pipelineCreateScanSummary_generated.go
@ -40,6 +40,8 @@ It is for example used to create a markdown file which can be used to create a G
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/piper.go
+++ b/cmd/piper.go
@ -19,8 +19,10 @@ import (

 // GeneralConfigOptions contains all global configuration options for piper binary
 type GeneralConfigOptions struct {
+	GitHubAccessTokens   map[string]string // map of tokens with url as key in order to maintain url-specific tokens
 	CorrelationID        string
 	CustomConfig         string
+	GitHubTokens         []string // list of entries in form of <server>:<token> to allow token authentication for downloading config / defaults
 	DefaultConfig        []string //ordered list of Piper default configurations. Can be filePath or ENV containing JSON in format 'ENV:MY_ENV_VAR'
 	IgnoreCustomDefaults bool
 	ParametersJSON       string
@ -159,6 +161,7 @@ func Execute() {
 	rootCmd.AddCommand(InfluxWriteDataCommand())

 	addRootFlags(rootCmd)
+
 	if err := rootCmd.Execute(); err != nil {
 		log.SetErrorCategory(log.ErrorConfiguration)
 		log.Entry().WithError(err).Fatal("configuration error")
@ -169,6 +172,7 @@ func addRootFlags(rootCmd *cobra.Command) {

 	rootCmd.PersistentFlags().StringVar(&GeneralConfig.CorrelationID, "correlationID", os.Getenv("PIPER_correlationID"), "ID for unique identification of a pipeline run")
 	rootCmd.PersistentFlags().StringVar(&GeneralConfig.CustomConfig, "customConfig", ".pipeline/config.yml", "Path to the pipeline configuration file")
+	rootCmd.PersistentFlags().StringSliceVar(&GeneralConfig.GitHubTokens, "gitHubTokens", accessTokensFromEnvJSON(os.Getenv("PIPER_gitHubTokens")), "List of entries in form of <hostname>:<token> to allow GitHub token authentication for downloading config / defaults")
 	rootCmd.PersistentFlags().StringSliceVar(&GeneralConfig.DefaultConfig, "defaultConfig", []string{".pipeline/defaults.yaml"}, "Default configurations, passed as path to yaml file")
 	rootCmd.PersistentFlags().BoolVar(&GeneralConfig.IgnoreCustomDefaults, "ignoreCustomDefaults", false, "Disables evaluation of the parameter 'customDefaults' in the pipeline configuration file")
 	rootCmd.PersistentFlags().StringVar(&GeneralConfig.ParametersJSON, "parametersJSON", os.Getenv("PIPER_parametersJSON"), "Parameters to be considered in JSON format")
@ -184,6 +188,34 @@ func addRootFlags(rootCmd *cobra.Command) {

 }

+// ResolveAccessTokens reads a list of tokens in format host:token passed via command line
+// and transfers this into a map as a more consumable format.
+func ResolveAccessTokens(tokenList []string) map[string]string {
+	tokenMap := map[string]string{}
+	for _, tokenEntry := range tokenList {
+		log.Entry().Debugf("processing token %v", tokenEntry)
+		parts := strings.Split(tokenEntry, ":")
+		if len(parts) != 2 {
+			log.Entry().Warningf("wrong format for access token %v", tokenEntry)
+		} else {
+			tokenMap[parts[0]] = parts[1]
+		}
+	}
+	return tokenMap
+}
+
+func accessTokensFromEnvJSON(env string) []string {
+	accessTokens := []string{}
+	if len(env) == 0 {
+		return accessTokens
+	}
+	err := json.Unmarshal([]byte(env), &accessTokens)
+	if err != nil {
+		log.Entry().Infof("Token json '%v' has wrong format.", env)
+	}
+	return accessTokens
+}
+
 const stageNameEnvKey = "STAGE_NAME"

 // initStageName initializes GeneralConfig.StageName from either GeneralConfig.ParametersJSON
@ -232,7 +264,7 @@ func initStageName(outputToLog bool) {
 }

 // PrepareConfig reads step configuration from various sources and merges it (defaults, config file, flags, ...)
-func PrepareConfig(cmd *cobra.Command, metadata *config.StepData, stepName string, options interface{}, openFile func(s string) (io.ReadCloser, error)) error {
+func PrepareConfig(cmd *cobra.Command, metadata *config.StepData, stepName string, options interface{}, openFile func(s string, t map[string]string) (io.ReadCloser, error)) error {

 	log.SetFormatter(GeneralConfig.LogFormat)

@ -277,7 +309,7 @@ func PrepareConfig(cmd *cobra.Command, metadata *config.StepData, stepName strin
 			projectConfigFile := getProjectConfigFile(GeneralConfig.CustomConfig)
 			if exists, err := piperutils.FileExists(projectConfigFile); exists {
 				log.Entry().Infof("Project config: '%s'", projectConfigFile)
-				if customConfig, err = openFile(projectConfigFile); err != nil {
+				if customConfig, err = openFile(projectConfigFile, GeneralConfig.GitHubAccessTokens); err != nil {
 					return errors.Wrapf(err, "Cannot read '%s'", projectConfigFile)
 				}
 			} else {
@ -290,7 +322,7 @@ func PrepareConfig(cmd *cobra.Command, metadata *config.StepData, stepName strin
 			log.Entry().Info("Project defaults: NONE")
 		}
 		for _, projectDefaultFile := range GeneralConfig.DefaultConfig {
-			fc, err := openFile(projectDefaultFile)
+			fc, err := openFile(projectDefaultFile, GeneralConfig.GitHubAccessTokens)
 			// only create error for non-default values
 			if err != nil {
 				if projectDefaultFile != ".pipeline/defaults.yaml" {
--- a/cmd/piper_test.go
+++ b/cmd/piper_test.go
@ -487,3 +487,40 @@ bar: 42
 		assert.False(t, hasFailed, "Expected checkTypes() NOT to exit via logging framework")
 	})
 }
+
+func TestResolveAccessTokens(t *testing.T) {
+	tt := []struct {
+		description      string
+		tokenList        []string
+		expectedTokenMap map[string]string
+	}{
+		{description: "empty tokens", tokenList: []string{}, expectedTokenMap: map[string]string{}},
+		{description: "invalid token", tokenList: []string{"onlyToken"}, expectedTokenMap: map[string]string{}},
+		{description: "one token", tokenList: []string{"github.com:token1"}, expectedTokenMap: map[string]string{"github.com": "token1"}},
+		{description: "more tokens", tokenList: []string{"github.com:token1", "github.corp:token2"}, expectedTokenMap: map[string]string{"github.com": "token1", "github.corp": "token2"}},
+	}
+
+	for _, test := range tt {
+		assert.Equal(t, test.expectedTokenMap, ResolveAccessTokens(test.tokenList), test.description)
+	}
+}
+
+func TestAccessTokensFromEnvJSON(t *testing.T) {
+	tt := []struct {
+		description       string
+		inputJSON         string
+		expectedTokenList []string
+	}{
+		{description: "empty ENV", inputJSON: "", expectedTokenList: []string{}},
+		{description: "invalid JSON", inputJSON: "{", expectedTokenList: []string{}},
+		{description: "empty JSON 1", inputJSON: "{}", expectedTokenList: []string{}},
+		{description: "empty JSON 2", inputJSON: "[]]", expectedTokenList: []string{}},
+		{description: "invalid JSON format", inputJSON: `{"test":"test"}`, expectedTokenList: []string{}},
+		{description: "one token", inputJSON: `["github.com:token1"]`, expectedTokenList: []string{"github.com:token1"}},
+		{description: "more tokens", inputJSON: `["github.com:token1","github.corp:token2"]`, expectedTokenList: []string{"github.com:token1", "github.corp:token2"}},
+	}
+
+	for _, test := range tt {
+		assert.Equal(t, test.expectedTokenList, accessTokensFromEnvJSON(test.inputJSON), test.description)
+	}
+}
--- a/cmd/protecodeExecuteScan_generated.go
+++ b/cmd/protecodeExecuteScan_generated.go
@ -110,6 +110,8 @@ func ProtecodeExecuteScanCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/sonarExecuteScan_generated.go
+++ b/cmd/sonarExecuteScan_generated.go
@ -114,6 +114,8 @@ func SonarExecuteScanCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/terraformExecute_generated.go
+++ b/cmd/terraformExecute_generated.go
@ -38,6 +38,8 @@ func TerraformExecuteCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/transportRequestDocIDFromGit_generated.go
+++ b/cmd/transportRequestDocIDFromGit_generated.go
@ -70,6 +70,8 @@ It is primarily made for the transportRequestUploadSOLMAN step to provide the ch
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/transportRequestReqIDFromGit_generated.go
+++ b/cmd/transportRequestReqIDFromGit_generated.go
@ -70,6 +70,8 @@ It is primarily made for the transport request upload steps to provide the trans
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/transportRequestUploadCTS_generated.go
+++ b/cmd/transportRequestUploadCTS_generated.go
@ -78,6 +78,8 @@ func TransportRequestUploadCTSCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/transportRequestUploadRFC_generated.go
+++ b/cmd/transportRequestUploadRFC_generated.go
@ -79,6 +79,8 @@ func TransportRequestUploadRFCCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/transportRequestUploadSOLMAN_generated.go
+++ b/cmd/transportRequestUploadSOLMAN_generated.go
@ -78,6 +78,8 @@ The application ID specifies how the file needs to be handled on server side.`,
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/uiVeri5ExecuteTests_generated.go
+++ b/cmd/uiVeri5ExecuteTests_generated.go
@ -40,6 +40,8 @@ func UiVeri5ExecuteTestsCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/vaultRotateSecretId_generated.go
+++ b/cmd/vaultRotateSecretId_generated.go
@ -44,6 +44,8 @@ func VaultRotateSecretIdCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/whitesourceExecuteScan_generated.go
+++ b/cmd/whitesourceExecuteScan_generated.go
@ -164,6 +164,8 @@ The step uses the so-called WhiteSource Unified Agent. For details please refer
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/cmd/xsDeploy_generated.go
+++ b/cmd/xsDeploy_generated.go
@ -77,6 +77,8 @@ func XsDeployCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@ -5,11 +5,13 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"net/http"
+	"net/url"
 	"os"
 	"reflect"
 	"strings"

-	"github.com/SAP/jenkins-library/pkg/http"
+	piperhttp "github.com/SAP/jenkins-library/pkg/http"
 	"github.com/SAP/jenkins-library/pkg/log"

 	"github.com/ghodss/yaml"
@ -26,7 +28,8 @@ type Config struct {
 	Hooks            map[string]interface{}            `json:"hooks,omitempty"`
 	defaults         PipelineDefaults
 	initialized      bool
-	openFile         func(s string) (io.ReadCloser, error)
+	accessTokens     map[string]string
+	openFile         func(s string, t map[string]string) (io.ReadCloser, error)
 	vaultCredentials VaultCredentials
 }

@ -147,7 +150,7 @@ func (c *Config) InitializeConfig(configuration io.ReadCloser, defaults []io.Rea
 			c.openFile = OpenPiperFile
 		}
 		for _, f := range c.CustomDefaults {
-			fc, err := c.openFile(f)
+			fc, err := c.openFile(f, c.accessTokens)
 			if err != nil {
 				return errors.Wrapf(err, "getting default '%v' failed", f)
 			}
@ -311,14 +314,31 @@ func GetJSON(data interface{}) (string, error) {
 }

 // OpenPiperFile provides functionality to retrieve configuration via file or http
-func OpenPiperFile(name string) (io.ReadCloser, error) {
+func OpenPiperFile(name string, accessTokens map[string]string) (io.ReadCloser, error) {
 	if !strings.HasPrefix(name, "http://") && !strings.HasPrefix(name, "https://") {
 		return os.Open(name)
 	}

-	// support http(s) urls next to file path - url cannot be protected
-	client := http.Client{}
-	response, err := client.SendRequest("GET", name, nil, nil, nil)
+	return httpReadFile(name, accessTokens)
+}
+
+func httpReadFile(name string, accessTokens map[string]string) (io.ReadCloser, error) {
+
+	u, err := url.Parse(name)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read url: %w", err)
+	}
+
+	// support http(s) urls next to file path
+	client := piperhttp.Client{}
+
+	var header http.Header
+	if len(accessTokens[u.Host]) > 0 {
+		client.SetOptions(piperhttp.ClientOptions{Token: fmt.Sprintf("token %v", accessTokens[u.Host])})
+		header = map[string][]string{"Accept": {"application/vnd.github.v3.raw"}}
+	}
+
+	response, err := client.SendRequest("GET", name, nil, header, nil)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@ -25,7 +25,7 @@ func (errReadCloser) Close() error {
 	return nil
 }

-func customDefaultsOpenFileMock(name string) (io.ReadCloser, error) {
+func customDefaultsOpenFileMock(name string, tokens map[string]string) (io.ReadCloser, error) {
 	return ioutil.NopCloser(strings.NewReader("general:\n  p0: p0_custom_default\nstages:\n  stage1:\n    p1: p1_custom_default")), nil
 }

--- a/pkg/generator/helper/helper.go
+++ b/pkg/generator/helper/helper.go
@ -98,6 +98,8 @@ func {{.CobraCmdFuncName}}() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose({{if .ExportPrefix}}{{ .ExportPrefix }}.{{end}}GeneralConfig.Verbose)

+			{{if .ExportPrefix}}{{ .ExportPrefix }}.{{end}}GeneralConfig.GitHubAccessTokens = {{if .ExportPrefix}}{{ .ExportPrefix }}.{{end}}ResolveAccessTokens({{if .ExportPrefix}}{{ .ExportPrefix }}.{{end}}GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: {{if .ExportPrefix}}{{ .ExportPrefix }}.{{end}}GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/pkg/generator/helper/testdata/TestProcessMetaFiles/custom_step_code_generated.golden
+++ b/pkg/generator/helper/testdata/TestProcessMetaFiles/custom_step_code_generated.golden
@ -118,6 +118,8 @@ func TestStepCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(piperOsCmd.GeneralConfig.Verbose)

+			piperOsCmd.GeneralConfig.GitHubAccessTokens = piperOsCmd.ResolveAccessTokens(piperOsCmd.GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: piperOsCmd.GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/pkg/generator/helper/testdata/TestProcessMetaFiles/step_code_generated.golden
+++ b/pkg/generator/helper/testdata/TestProcessMetaFiles/step_code_generated.golden
@ -117,6 +117,8 @@ func TestStepCommand() *cobra.Command {
 			log.SetStepName(STEP_NAME)
 			log.SetVerbose(GeneralConfig.Verbose)

+			GeneralConfig.GitHubAccessTokens = ResolveAccessTokens(GeneralConfig.GitHubTokens)
+
 			path, _ := os.Getwd()
 			fatalHook := &log.FatalHook{CorrelationID: GeneralConfig.CorrelationID, Path: path}
 			log.RegisterHook(fatalHook)
--- a/pkg/mock/runner.go
+++ b/pkg/mock/runner.go
@ -223,7 +223,7 @@ type StepOptions struct {
 	TestParam string `json:"testParam,omitempty"`
 }

-func OpenFileMock(name string) (io.ReadCloser, error) {
+func OpenFileMock(name string, tokens map[string]string) (io.ReadCloser, error) {
 	var r string
 	switch name {
 	case "testDefaults.yml":