Github Personal Access Token

Personal access tokens (PATs) are a secure way to authenticate with a Git server without using your GitHub password.
Tags:
Categories:

  2 minute read  

Personal access tokens (PATs) are a secure way to authenticate with a Git server without using your GitHub password. They are similar to SSH keys in that you create a token and upload it to your Git hosting provider. Once you’ve created the token, you can use it instead of your password to authenticate with the Git server.

Once you’ve authenticated with a Git repository, Git will store your authentication information in a configuration file. By default, Git keeps your authentication information in a plain text file in your home directory called “.gitconfig”. This file contains your username and password (if you’re using HTTPS authentication) or the location of your SSH key (if you’re using SSH authentication).

PAT uses the HTTPS URL not the git@ sytnax.

To ensure that GitHub Actions can push changes to your repository, you’ll typically use a Personal Access Token (PAT) with the appropriate permissions. Here’s how you can create and set up a PAT for use with GitHub Actions:

1. Create a Personal Access Token:

  1. Go to your GitHub profile and click on the top-right corner on your profile picture, then select Settings.
  2. In the left sidebar, click on Developer settings.
  3. In the left sidebar, click on Personal access tokens.
  4. Click the Generate new token button.
  5. Give your token a descriptive name.
  6. Under Select scopes, make sure to select:
    • repo (this grants full control of private repositories)
    • workflow (this allows the token to run workflows)
  7. Scroll down and click the Generate token button.
  8. Important: Copy the generated token to your clipboard. You won’t be able to see it again.

2. Add the Personal Access Token to your Repository:

  1. Go to your GitHub repository.
  2. Click on the Settings tab.
  3. In the left sidebar, click on Secrets.
  4. Click the New repository secret button.
  5. Name the secret (e.g., GH_PAT).
  6. Paste the Personal Access Token you copied earlier into the Value field.
  7. Click the Add secret button.

3. Update the GitHub Actions Workflow:

In the workflow configuration, you’ll need to update a step to use the secret:

- uses: agithubrepo/somecoolapp@v0.0.1
  with:
    gh_token: ${{ secrets.GH_PAT }}

By doing this, the workflow will use the Personal Access Token you created, which has the necessary permissions to push changes to the repository.

Remember to always keep your Personal Access Tokens private. Never expose them in your code or public files. Using them as repository secrets, as shown above, is the recommended way to use them in GitHub Actions.

Last modified July 21, 2024: update (e2ae86c)