Personal Access Tokens

Concept

For HTTPS remotes (or CI), GitHub no longer accepts passwords on the API. Use PATs.

Create at: GitHub → Settings → Developer Settings → Personal access tokens → Fine-grained tokens.

Best practice:

Fine-grained, not classic — scopes per-repo.
Set short expiry (30–90 days). Renew on a calendar reminder.
Grant only the permissions you actually need (Contents: Read+Write covers most workflows).

Use as the password when Git prompts. Or store via a credential helper:

git config --global credential.helper osxkeychain     # macOS
git config --global credential.helper libsecret       # Linux
git config --global credential.helper manager         # Windows

For CI, store the PAT as a secret env var and embed in the URL:

https://x-access-token:$GITHUB_TOKEN@github.com/org/repo.git

Challenge

Configure a credential helper

WorkshopSimulated · no real damage

Terminal~/project·main

Idle

Working treemain

Not a git repository. git init to start.

Commit graph

main

Commits will appear here.

Each command rewrites this graph in real time.