Elena's AI Blog

The Token Way to GitHub Security

08 May 2023 / 6 minutes to read

Elena Daehnhardt




Introduction

GitHub is a popular web-based platform for version control and collaboration that allows developers to work together on projects from anywhere. It offers various features to manage code and collaborate with others, and one key feature that makes it secure and flexible is personal access tokens. In this post, I will explain how to create and use personal access tokens, an excellent way to access and update Git repositories.

What is a personal access token?

A Personal Access Token (PAT) is a secure and flexible way to access GitHub without the need to provide your password. It is a unique code that grants access to your account, repositories, and other services without compromising your login credentials. You can create a token with specific permissions, which can be revoked anytime, giving you more control over your account’s security.

I like using personal access tokens instead of passwords when authenticating to GitHub in the command line or with the API. You can pull, push, commit and perform any other repository operations you need with personal access tokens set up expressly for your application and its required level of access.

Setup

To have a simple setup, I have my remote repository named “origin”, wherein I push my code updates. This is a traditional setup; however, you can call it as you like. I stick with the “origin”.

Please note that if you already have the “origin” defined in your Git client, you might first delete the “origin”. Alternatively, you can skip this step and define another alias for your remote repository.

git remote remove origin

To create a personal access token, go to the GitHub website and log in to your account.

Next, we go to the GitHub developer settings page: open “Settings” from the dropdown menu below your user icon, then look in the left panel for “Developer Settings” and “Personal access tokens”.


GitHub Developer Settings under your profile icon

At the moment, you have two options there:

  1. Fine-grained tokens (Beta) help generate API tokens for scripts and tests.
  2. Tokens (classic) can be helpful to access the GitHub API.

I use the classic tokens to access GitHub over HTTPS since I don’t like typing in my credentials while doing my commits and little updates.


GitHub Developer Settings, personal access tokens

I usually give a descriptive name for my token, but you can also provide a description that is misleading to potential mischief :)

When creating a new classic access token, you must define access scopes. You need to decide what you want to do with your access token, such as managing private repositories, updating action workflows, managing your codespaces, and many other permissions that are explained in the GitHub docs section “Scopes for OAuth Apps”.

It is also essential to define your access token’s expiration time to protect its security.

When we click on the “Generate token” button at the bottom of the page, our new token will be displayed on the screen, so make sure to copy it and store it securely, as it won’t be shown again. You will need it soon.

Next, go to your local directory with the repository and add the remote under the origin alias, with your access token embedded in the URL, as follows:

git remote add origin https://[token]@github.com/[username]/[repository]
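
Git writes a remote URL added this way, token included, in plain text to .git/config. The following added example (not code from the original post) scans config text for remotes that carry a credential and prints the token-free URL to switch to; the sample config, user and repository names, and token values are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed .git/config contents; both token values are fake placeholders.
SAMPLE_GIT_CONFIG = '''\
[core]
    repositoryformatversion = 0
[remote "origin"]
    url = https://ghp_EXAMPLEnotARealToken@github.com/example-user/example-repo
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "backup"]
    url = https://example-user:github_pat_EXAMPLE_not_real@github.com/example-user/backup.git
[remote "ssh"]
    url = git@github.com:example-user/example-repo.git
'''

# GitHub's documented token prefixes, longest first.
TOKEN_KINDS = (("github_pat_", "fine-grained PAT"), ("ghp_", "classic PAT"))

def find_embedded_credentials(config_text):
    """Return one finding per remote URL that carries a user, a token or both."""
    findings, remote = [], None
    for line in config_text.splitlines():
        if line.lstrip().startswith("["):
            # Track which [remote "name"] section we are in; other sections reset it.
            header = re.match(r'\s*\[remote "(.+)"\]', line)
            remote = header.group(1) if header else None
            continue
        setting = re.match(r'\s*(?:push)?url\s*=\s*(\S+)', line)
        if not (remote and setting):
            continue
        parts = urlsplit(setting.group(1))
        if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
            continue  # SSH remotes and clean HTTPS URLs hold no secret
        userinfo, host = parts.netloc.rsplit("@", 1)
        secret = userinfo.split(":", 1)[-1]  # token may sit in the user or password slot
        kind = next((k for p, k in TOKEN_KINDS if secret.startswith(p)), "other credential")
        findings.append({"remote": remote, "kind": kind,
                         "clean_url": urlunsplit(parts._replace(netloc=host))})
    return findings

if __name__ == "__main__":
    for f in find_embedded_credentials(SAMPLE_GIT_CONFIG):
        print(f"{f['remote']}: {f['kind']} stored in remote URL")
        print(f"  fix: git remote set-url {f['remote']} {f['clean_url']}")
```

Once the URL is clean, a Git credential helper (the credential.helper setting) can supply the token when Git prompts for a password.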

Usage

Once you have your personal token, you can access your GitHub account and repositories through different tools and applications. For example, you can use it to authenticate with the GitHub API, or you can use it as a password when you push code to a repository.

git push origin master

To use your token, you must replace your password with it. When prompted for a password, use the token instead. I like this workflow because I like using complicated passwords and am too lazy to type them in :) With the personal tokens, I don’t have to worry about memorising my passwords and security.
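
For a classic token used with the GitHub API, the response header X-OAuth-Scopes lists the scopes the token was granted. This added example (not code from the original post) compares that header with the scopes a job actually needs and reports what is missing, unused or broader than required; the headers and the needed set are constructed, and the parent-to-child scope map is a subset of the “Scopes for OAuth Apps” table.

```python
# Parent scope -> scopes it also grants (subset of GitHub's "Scopes for OAuth Apps").
IMPLIED = {
    "repo": {"repo:status", "repo_deployment", "public_repo", "repo:invite", "security_events"},
    "admin:org": {"write:org", "read:org"},
    "user": {"read:user", "user:email", "user:follow"},
    "admin:repo_hook": {"write:repo_hook", "read:repo_hook"},
}

# Constructed response headers, of the kind returned for a classic token by e.g.
#   curl -sI -H "Authorization: Bearer <token>" https://api.github.com/user
SAMPLE_HEADERS = {"X-OAuth-Scopes": "repo, workflow, admin:org"}

def parse_scopes(headers):
    """Read the granted scopes from the X-OAuth-Scopes header (case-insensitive)."""
    value = {k.lower(): v for k, v in headers.items()}.get("x-oauth-scopes", "")
    return {s.strip() for s in value.split(",") if s.strip()}

def audit_scopes(headers, needed):
    """Compare granted scopes with the set of scopes the job needs."""
    granted = parse_scopes(headers)
    covered = set().union(*({s} | IMPLIED.get(s, set()) for s in granted))
    report = {"missing": sorted(needed - covered), "unused": [], "too_broad": []}
    for scope in sorted(granted - needed):
        narrower = sorted(IMPLIED.get(scope, set()) & needed)
        if narrower:
            # A parent scope was granted where a child scope would have been enough.
            report["too_broad"].append((scope, narrower))
        else:
            report["unused"].append(scope)
    return report

if __name__ == "__main__":
    # Assumed requirement: push to public repositories and update workflow files.
    result = audit_scopes(SAMPLE_HEADERS, {"public_repo", "workflow"})
    for key, value in result.items():
        print(f"{key}: {value}")
```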

Conclusion

In short, we have created a GitHub personal access token and used it to update the remote repository with new commits. Personal access tokens are a powerful way to securely access your GitHub account, repositories, and other services without compromising your login credentials. They are easy to set up, and you can revoke them anytime, making them a flexible way to control your account’s security. Using them can save you time and make your development process more secure.





Disclaimer: I have used chatGPT while preparing this post, and this is why I have listed chatGPT in my references section. However, most of the text is rewritten by me, as a human, and spell-checked with Grammarly.

References

1. Creating a personal access token

2. Authenticating with a personal access token

3. GitHub, Scopes for OAuth Apps

4. New Chat (chatGPT by OpenAI)


About Elena

Elena, a PhD in Computer Science, simplifies AI concepts and helps you use machine learning.

Citation
Elena Daehnhardt. (2023) 'The Token Way to GitHub Security', daehnhardt.com, 08 May 2023. Available at: https://daehnhardt.com/blog/2023/05/08/git-using-access-tokens/