diff --git a/ci-operator/step-registry/openshift/microshift/claude/ci-doctor/openshift-microshift-claude-ci-doctor-commands.sh b/ci-operator/step-registry/openshift/microshift/claude/ci-doctor/openshift-microshift-claude-ci-doctor-commands.sh
index 1978838a2523c..9dffe3f350682 100644
--- a/ci-operator/step-registry/openshift/microshift/claude/ci-doctor/openshift-microshift-claude-ci-doctor-commands.sh
+++ b/ci-operator/step-registry/openshift/microshift/claude/ci-doctor/openshift-microshift-claude-ci-doctor-commands.sh
@@ -16,12 +16,31 @@ load_secrets() {
 set +x
 echo "Loading secrets..."
- if [ -f "${GITHUB_TOKEN_PATH}" ]; then
- GITHUB_TOKEN=$(cat "${GITHUB_TOKEN_PATH}")
+ if [ -f "${GITHUB_APP_ID_PATH}" ] && [ -f "${GITHUB_KEY_PATH}" ]; then
+ local -r app_ver="2.0.8"
+ local -r app_sha="867d9ebf7dd18e67e2599f0f890f3f41b8673e88c4394a32a05476024c41ea0f"
+ local -r app_exe="/tmp/gh-token-${app_ver}"
+
+ # Install a GitHub CLI extension to generate tokens for GitHub Apps
+ curl -sSL https://github.com/Link-/gh-token/releases/download/v${app_ver}/linux-amd64 -o "${app_exe}"
+ if ! echo "${app_sha} ${app_exe}" | sha256sum -c -; then
+ echo "ERROR: Failed to verify GitHub CLI extension checksum"
+ exit 1
+ fi
+ chmod +x "${app_exe}"
+
+ # Generate a GitHub token for the GitHub App
+ GITHUB_TOKEN="$("${app_exe}" generate --app-id "$(< "${GITHUB_APP_ID_PATH}")" --key "${GITHUB_KEY_PATH}" | jq -r '.token')"
+ if [ -z "${GITHUB_TOKEN}" ] || [ "${GITHUB_TOKEN}" = "null" ]; then
+ echo "ERROR: Failed to generate GitHub token"
+ exit 1
+ fi
+ rm -f "${app_exe}"
+
 export GITHUB_TOKEN
- echo "GitHub token loaded."
+ echo "GitHub token generated."
 else
- echo "WARNING: GitHub token not found at ${GITHUB_TOKEN_PATH}. GitHub operations will not be available."
+ echo "WARNING: GitHub App credentials not found at ${GITHUB_APP_ID_PATH} and ${GITHUB_KEY_PATH}. GitHub operations will not be available."
 fi
 if [ -f "${JIRA_API_TOKEN_PATH}" ]; then
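Review bot: The `generate` call passes only `--app-id` and `--key`, so the installation the token is minted for is left to the tool's default; as far as I know gh-token then uses the first installation the API returns, which becomes ambiguous as soon as the App is installed in more than one org. Passing it explicitly, e.g. `--installation-id "$(< "${GITHUB_INSTALLATION_ID_PATH}")"` (placeholder variable, not defined in this change), would pin the token's scope. Smaller points in the same block: `curl -sSL` lacks `--fail`, so an HTTP error only shows up as the checksum message, and both `exit 1` paths skip `rm -f "${app_exe}"`; `curl -fsSL` plus removing the binary before exiting would tidy that up. The body of `load_secrets` continues outside the hunk.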
diff --git a/ci-operator/step-registry/openshift/microshift/claude/ci-doctor/openshift-microshift-claude-ci-doctor-ref.yaml b/ci-operator/step-registry/openshift/microshift/claude/ci-doctor/openshift-microshift-claude-ci-doctor-ref.yaml
index 25e3b81cde606..78b7ff5e5dd53 100644
--- a/ci-operator/step-registry/openshift/microshift/claude/ci-doctor/openshift-microshift-claude-ci-doctor-ref.yaml
+++ b/ci-operator/step-registry/openshift/microshift/claude/ci-doctor/openshift-microshift-claude-ci-doctor-ref.yaml
@@ -10,8 +10,8 @@ ref:
 name: sa-claude-openshift-ci
 mount_path: /var/run/claude-code-service-account
 - namespace: test-credentials
- name: claude-payload-agent-github-token
- mount_path: /var/run/github-token
+ name: pr-creds
+ mount_path: /var/run/pr-creds
 - namespace: test-credentials
 name: microshift-dev-access-keys
 mount_path: /var/run/microshift-dev-access-keys
@@ -26,8 +26,10 @@ ref:
 default: "/var/run/claude-code-service-account/token"
 - name: CLAUDE_MODEL
 default: "claude-opus-4-6[1m]"
- - name: GITHUB_TOKEN_PATH
- default: "/var/run/github-token/token"
+ - name: GITHUB_APP_ID_PATH
+ default: "/var/run/pr-creds/app_id"
+ - name: GITHUB_KEY_PATH
+ default: "/var/run/pr-creds/key.pem"
 - name: JIRA_API_TOKEN_PATH
 default: "/var/run/microshift-dev-access-keys/jira_token"
 - name: JIRA_USERNAME_PATH
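Review bot: The `pr-creds` mount in the first hunk places the App's private key (`/var/run/pr-creds/key.pem`, per the `GITHUB_KEY_PATH` default in the second hunk) inside the same step that runs the Claude agent. The long-lived key therefore stays readable for the whole step, although the script needs it only once to mint a short-lived token. Whether the agent process can read that mount is not visible from this diff; if it can, a misdirected run could reach the key itself rather than just the token. Minting the token in a separate, earlier step and handing only the token to this one would limit exposure to the token's lifetime and permissions.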