GitHub Personal Access Token: Complete Guide for 2025
A GitHub personal access token (PAT) is a secure, alternative method to authenticate with GitHub when using the command line or third-party apps. Instead of typing your GitHub password, you can use a token for access — ideal for working with repositories, APIs, GitHub Actions, and automation tools.
With the deprecation of password-based authentication for Git operations, GitHub access tokens have become the default standard for secure workflows.
Whether you’re trying to clone a private repo, integrate with a CI/CD platform, or push code from the command line, a GitHub authentication token is your new essential tool. For instance, to clone a private repository, you can run:
git clone https://<your-username>:<your-token>@github.com/<your-username>/<repo-name>.git
Just replace the placeholders with your actual username, token, and repository name.
🔍 What Is a Personal Access Token in GitHub?
A personal access token in GitHub is a string of characters that acts like a password. It grants access to your account or specific repositories based on the scopes you choose.
GitHub offers two types of PATs:
| Token type | Description |
|---|---|
| Classic token | Traditional access token with broad permissions |
| Fine-grained token | Newer, more secure token with limited, repo-specific scopes |
🛠️ How to Create a GitHub Personal Access Token
Creating a token is easy, but there are multiple options. Here’s how to create GitHub token using the modern UI.
How to Generate Personal Access Token GitHub:
- Go to GitHub.com > Settings > Developer Settings
- Click “Personal access tokens” → Tokens (classic) or Fine-grained tokens
- Click “Generate new token”
- Select the expiration date and scopes (e.g., repo, workflow, user, gist)
- Click Generate token
- Copy your GitHub PAT token immediately — you won’t see it again!
✅ Tip: Never share your GitHub token. Treat it like a password!
🧠 Where to Find Personal Access Token in GitHub
Once created, you won’t be able to view your GitHub personal token again — it’s only shown once. However, you can manage, regenerate, or revoke tokens anytime via:
Settings > Developer settings > Personal access tokens
If you forget to save your token:
- Delete the old one
- Generate a new GitHub PAT token with the same scopes
Learn more about where to find the tokens and how they look inside the GitHub interface.
🔐 How to Use GitHub Personal Access Token
A personal access token can replace your password for HTTPS Git operations and integrations like curl, Postman, or CI/CD pipelines.
Clone a repository with GitHub token (HTTPS)
Use this command to clone a repo using your PAT:
git clone https://@github.com/username/repo.git
When prompted:
- Username: Enter your GitHub username
- Password: Paste your personal access token
⚠️ Make sure to keep your token secure—never hard-code it or share it publicly.
Use a GitHub token with Git push
When pushing code:
git push origin main
Git will prompt you for credentials:
- Use your GitHub username
- Paste your token as the password
Authenticate with GitHub CLI
To authenticate the GitHub CLI with a token stored in a file:
gh auth login --with-token < token.txt
This is helpful for scripting, automation, or CI environments.
🔗 Reference: GitHub CLI authentication docs
Learn how to push to GitHub here!
🔐 GitHub Token Scopes: What Permissions Should You Choose?
When you generate a GitHub personal access token, you’ll be asked to assign scopes (permissions). These define what the token can access.
| Scope | Purpose |
|---|---|
| repo | Full access to repositories |
| workflow | GitHub Actions & CI/CD |
| read:org | View org membership |
| admin:org | Modify org settings |
| gist | Create and manage gists |
| user | Read/write user profile |
| delete_repo | Dangerous – allows deleting repos |
Only give the permissions your workflow needs. Use fine-grained tokens for better security.
⚠️ GitHub Token Security: Best Practices
- Never share tokens via email, Slack, or in code
- Use separate tokens for different tools or services
- Always set an expiration date
- Use Fine-Grained PATs whenever possible
- Rotate tokens regularly
- Revoke tokens immediately if compromised
🔐 You can also use GitHub personal access tokens for organizations and manage them through GitHub Enterprise or GitHub Apps for added control.
🏢 GitHub Organization Access Tokens
If you’re part of an organization, some additional steps may be required:
- Organization owners may need to approve personal access tokens
- Use GitHub personal access token for organization with limited scope
- Ensure compliance with GitHub enterprise access token policies
These tokens help enforce token usage auditing, access reviews, and service-level isolation.
🧩 GitHub Personal Access Tokens vs SSH Keys
| Feature | GitHub PAT | SSH Key |
|---|---|---|
| Usage | HTTPS (CI/CD, browser) | SSH (terminal only) |
| Setup | Browser-based | Local SSH keygen |
| Security | Scoped & revocable | Long-lived unless manually rotated |
| Visibility | Stored in GitHub | Local/private |
| Integration | Great for APIs, CI | Best for personal CLI use |
⚙️ Common Issues & Fixes
❓ GitHub token not working?
- Re-check scopes
- Confirm token hasn’t expired
- Ensure correct repo access
- Check for 2FA or SSO approval (for orgs)
❓ “Support for password authentication was removed…”
Replace password with GitHub token in the command:
git clone https://<token>@github.com/user/repo.git
Reference GitHub Docs if you need more information on related topics.
💬 FAQs About GitHub Tokens
What is a GitHub token?
A GitHub token is an authentication credential that replaces your password when using Git via HTTPS or APIs.
How do I create a GitHub PAT token?
Go to Settings > Developer Settings > Personal Access Tokens > Generate New Token.
Where is my GitHub personal access token?
It’s shown once after generation. You can’t view it again — save it securely.
Can I use GitHub token in CLI?
Yes. Paste it as password when pushing, or authenticate with gh auth login.
Is a GitHub PAT safer than SSH?
For browser-based and automation workflows, yes. SSH is better for terminal-only use.
🏁 Final Thoughts: Using GitHub Tokens in 2025
GitHub tokens are no longer optional — they’re the industry standard for secure Git authentication. From cloning private repositories to automating CI/CD pipelines and working across GitHub organizations, personal access tokens offer control, safety, and efficiency.
In conclusion, GitHub is a powerful tool for managing code and project collaboration. Integrating it with Everhour makes it even more efficient. It allows teams to track time spent on tasks directly within GitHub (via a GitHub time tracking integration). This time tracker makes it easier to manage projects, stay organized, and improve productivity by linking time tracking with your codebase. With GitHub and Everhour together, teams can work more smoothly and stay on top of their projects.
Check out our breakdown of GitHub Copilot vs ChatGPT for more information!
Maria
A dedicated content enthusiast with extensive experience in international teams and projects of all sizes. Maria thrives on creativity and attention to detail, fueled by a love for fantasy novels, music, classic black-and-white films, and always finding ways to make things better.