diff --git a/.mise.toml b/.mise.toml
index 900684483bb..1d71a8550e3 100644
--- a/.mise.toml
+++ b/.mise.toml
@@ -14,7 +14,7 @@ run = "uv pip install -r requirements.txt"
 python = "3.13"
 uv = "latest"
 # Operations tools
-"aqua:budimanjojo/talhelper" = "3.0.17"
+"aqua:budimanjojo/talhelper" = "3.0.18"
 "aqua:cloudflare/cloudflared" = "2025.2.0"
 "aqua:FiloSottile/age" = "1.2.1"
 "aqua:fluxcd/flux2" = "2.4.0"
diff --git a/templates/config/kubernetes/bootstrap/apps/github-deploy-key.sops.yaml.j2 b/templates/config/kubernetes/bootstrap/apps/resources/github-deploy-key.sops.yaml.j2
similarity index 100%
rename from templates/config/kubernetes/bootstrap/apps/github-deploy-key.sops.yaml.j2
rename to templates/config/kubernetes/bootstrap/apps/resources/github-deploy-key.sops.yaml.j2
diff --git a/templates/scripts/validation.py b/templates/scripts/validation.py
index 9117efdcb19..86461da9535 100644
--- a/templates/scripts/validation.py
+++ b/templates/scripts/validation.py
@@ -101,6 +101,14 @@ def validate_ntp_servers(servers: list = ["162.159.200.1","162.159.200.123"], **
             raise ValueError(f"Unable to connect to NTP server {server}") from e
 
 
+@required("github")
+def validate_github_repository(github: dict, **_) -> None:
+    if not github.get('repository'):
+        raise ValueError(f"Missing required key github.repository")
+    if not re.match(r"[a-zA-Z0-9-_]+/[a-zA-Z0-9-_]+", github.get('repository')):
+        raise ValueError(f"Invalid github repository {github.get('repository')}, must match [a-zA-Z0-9-_]+/[a-zA-Z0-9-_]+")
+
+
 def validate(data: dict) -> None:
     validate_python_version()
 
@@ -109,3 +117,4 @@ def validate(data: dict) -> None:
 
     validate_dns_servers(data)
     validate_ntp_servers(data)
+    validate_github_repository(data)