Using Personal Access Tokens with GitHub 🎫

What are Personal Access Tokens?

Personal Access Tokens (PATs) are an alternative to SSH keys for authenticating with GitHub over HTTPS. They act as your password when using HTTPS URLs.

When to Use Tokens vs SSH

• SSH Keys: Best for daily development (recommended)
• Personal Access Tokens: Best for HTTPS access, automation, CI/CD, or scripts
• Both: You can use SSH for yourself and tokens for automated systems

---

Creating a Personal Access Token

Step 1: Navigate to Token Settings

1. Go to github.com and log in
2. Click your profile picture (top right) → Settings
3. Scroll down in the left sidebar → Click "Developer settings"
4. Click "Personal access tokens" → "Tokens (classic)"
5. Click "Generate new token" → "Generate new token (classic)"

Step 2: Configure Your Token

Fill in the form:

Note: Give it a descriptive name

My Laptop - Git Access

or

Work Computer - 2025

Expiration: Choose how long the token is valid

RecommendedOther Options

• 90 days - Good balance of security and convenience
• You'll get reminded before it expires

• 30 days - More secure, more frequent renewal
• No expiration - Convenient but less secure
• Custom - Set your own date

Select scopes: Choose what the token can do

Minimum Required Scope

At minimum, you must select repo for basic git push/pull operations.

Step 3: Generate and Copy

1. Scroll down and click "Generate token"
2. Copy the token immediately!

ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Important - Copy Now!

You'll only see this token once! If you lose it, you'll need to generate a new one.

Save it somewhere safe temporarily (like a password manager).

---

Using Your Token

Method 1: Enter When Prompted (Manual)

When you clone or push using HTTPS, Git will prompt you:

• your-username is your Github Handle

$ git clone https://github.com/username/repo.git
Username: your-username
Password: [paste your token here, NOT your password]

Important: Use your token as the password, not your GitHub password!

---

Credential Caching (Recommended)

Instead of entering your token every time, cache it securely!

Caching with Git Credential Store (Permanent)

Store credentials in a plain text file (less secure but convenient):

# Enable credential store
git config --global credential.helper store

How it works:

$ git push
Username: your-username
Password: [enter token]
# Stored in ~/.git-credentials

# Future operations:
$ git push
# No prompt - uses stored token!

The file: ~/.git-credentials

https://your-username:ghp_TOKEN@github.com

Security Consideration

This stores your token in plain text on disk!

• ✅ Use on your personal computer
• ❌ Don't use on shared/public computers
• ❌ Don't use in cloud environments

---

Managing Your Tokens

View Your Tokens

1. Go to GitHub → Settings → Developer settings → Personal access tokens
2. You'll see all your tokens with:
3. Name
4. Last used date
5. Expiration date
6. Scopes

Revoke a Token

If a token is compromised or no longer needed:

1. Go to your tokens list
2. Click "Delete" next to the token
3. Confirm deletion

The token stops working immediately.

Regenerate an Expired Token

When a token expires:

1. Click "Regenerate token" next to the expired one
2. Copy the new token
3. Update your credential cache (or enter it next time Git asks)

---

Troubleshooting

Problem: "Authentication failed"

Cause: Token is wrong, expired, or has insufficient scopes

Solution:

# Clear cached credentials
# On Windows:
git credential-manager erase https://github.com

# On macOS:
git credential-osxkeychain erase https://github.com

# On Linux (cache):
git credential-cache exit

# On Linux (store):
rm ~/.git-credentials

# Try again with fresh token
git push

Problem: Still asking for password every time

Cause: Credential caching not configured

Solution:

# Check current config
git config --global credential.helper

# If empty or wrong, set it:
# For cache (Linux/macOS):
git config --global credential.helper cache

# For store (permanent):
git config --global credential.helper store

# For macOS Keychain:
git config --global credential.helper osxkeychain

Problem: "Support for password authentication was removed"

Cause: Using your GitHub password instead of token

Solution:

You must use a Personal Access Token as the password, not your GitHub password!

Username: your-username
Password: ghp_xxxxxxxxxxxx  ← Your TOKEN, not password!

Problem: Token works but keeps asking

Cause: Multiple credential helpers fighting each other

Solution:

# See all credential helpers
git config --list | grep credential

# Remove all and set one
git config --global --unset-all credential.helper
git config --global credential.helper osxkeychain  # or your choice

---

Switching Between HTTPS and SSH

From HTTPS to SSH

# Check current remote
git remote -v

# Change to SSH
git remote set-url origin git@github.com:username/repo.git

# Verify
git remote -v

From SSH to HTTPS

# Check current remote
git remote -v

# Change to HTTPS
git remote set-url origin https://github.com/username/repo.git

# Verify
git remote -v

---

Comparison: Credential Caching Methods

Method	Security	Ease	Platform	Persistence
Git Credential Manager	⭐⭐⭐⭐⭐	⭐⭐⭐⭐⭐	All	Permanent
macOS Keychain	⭐⭐⭐⭐⭐	⭐⭐⭐⭐	macOS	Permanent
Credential Cache	⭐⭐⭐⭐	⭐⭐⭐⭐	Linux/macOS	Temporary
Credential Store	⭐⭐	⭐⭐⭐⭐⭐	All	Permanent

Recommendation:

1. Best: Git Credential Manager (all platforms)
2. macOS: osxkeychain
3. Linux (temporary): credential cache
4. Simple (less secure): credential store

---

Best Practices

Do This

✅ Use descriptive token names ("Laptop 2025")
✅ Set expiration dates (90 days recommended)
✅ Use minimal required scopes
✅ Revoke tokens you don't need
✅ Use credential caching
✅ Store tokens in password manager

Don't Do This

❌ Share tokens with others
❌ Commit tokens to Git repositories
❌ Use tokens in URLs (visible in history)
❌ Give tokens more permissions than needed
❌ Create tokens with no expiration (unless required)
❌ Reuse the same token everywhere

---

Quick Reference

Create Token

1. GitHub → Settings → Developer settings
2. Personal access tokens → Generate new token
3. Select repo scope
4. Copy token immediately

Cache Token (Quick Setup)

# Windows (Git Credential Manager - included)
# Just use git, it prompts automatically

# macOS
git config --global credential.helper osxkeychain

# Linux (8 hour cache)
git config --global credential.helper 'cache --timeout=28800'

Clear Cached Credentials

# Windows
git credential-manager erase https://github.com

# macOS  
git credential-osxkeychain erase https://github.com

# Linux (cache)
git credential-cache exit

# Linux (store)
rm ~/.git-credentials

---

SSH vs HTTPS + Token

Feature	SSH	HTTPS + Token
Setup Complexity	Medium	Easy
Security	⭐⭐⭐⭐⭐	⭐⭐⭐⭐
Convenience	⭐⭐⭐⭐⭐	⭐⭐⭐⭐ (with caching)
Corporate Firewalls	Sometimes blocked	Usually works
Expiration	Never	Can expire
Automation	Excellent	Excellent
Recommended For	Daily dev work	CI/CD, automation

Bottom line: SSH is generally better for personal development, but tokens work great too, especially with credential caching!

---

← Back: SSH Keys Next: Your First Repository →

---

Key Takeaways

• ✅ Passwords don't work - must use tokens or SSH
• ✅ Create tokens at: Settings → Developer settings → Personal access tokens
• ✅ Select repo scope for Git operations
• ✅ Use credential caching to avoid re-entering token
• ✅ Git Credential Manager is best (all platforms)
• ✅ Tokens can expire - set reminders!
• ✅ Revoke tokens you no longer need