Open
Description
As a team maintaining the Octo STS, I want the ability to use my own GitHub App for the STS service. I do not want to give a third party standing permissions on my organizations, where they can create an installation access token and access my organizations without mitigations.
Solution:
- Add variables in the setup of the OCTO STS service, selecting ClientID and PEM that it will use.
- Provide a GitHub App manifest so that a team can create and install their own app following OCTO-STS best practice. Create app with manifest flow. The Principle on Minimalism + Security at work ;)