Skip to main content

Creating a personal access token

You can create a personal access token to use in place of a password with the command line or with the API.


  • If you use GitHub CLI to authenticate to GitHub Enterprise Cloud on the command line, you can skip generating a personal access token and authenticate via the web browser instead. For more information about authenticating with GitHub CLI, see gh auth login.
  • Git Credential Manager is a secure, cross-platform alternative to using personal access tokens (PATs) and eliminates the need to manage PAT scope and expiration. For installation instructions, see Download and install in the GitCredentialManager/git-credential-manager repository.

Personal access tokens (PATs) are an alternative to using passwords for authentication to GitHub Enterprise Cloud when using the GitHub API or the command line.

If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT. For more information, see "About authentication with SAML single sign-on" and "Authorizing a personal access token for use with SAML single sign-on."

作为安全防范措施,GitHub 会自动删除一年内未使用的个人访问令牌。 为了提供额外的安全性,我们强烈建议在您的个人访问令牌中添加到期日。

A token with no assigned scopes can only access public information. To use your token to access repositories from the command line, select repo. For more information, see "Available scopes".

Creating a token

  1. Verify your email address, if it hasn't been verified yet.

  2. 在任何页面的右上角,单击您的个人资料照片,然后单击 Settings(设置)

    用户栏中的 Settings 图标

  3. 在左侧栏中,单击 开发者设置

  4. 在左侧边栏中,单击 Personal access tokens(个人访问令牌)个人访问令牌

  5. 单击 Generate new token(生成新令牌)生成新令牌按钮

  6. Give your token a descriptive name. Token description field

  7. To give your token an expiration, select the Expiration drop-down menu, then click a default or use the calendar picker. Token expiration field

  8. Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select repo.

    Selecting token scopes

  9. Click Generate token. Generate token button

    Newly created token

    Warning: Treat your tokens like passwords and keep them secret. When working with the API, use tokens as environment variables instead of hardcoding them into your programs.

  10. To use your token to authenticate to an organization that uses SAML single sign-on, authorize the token. For more information, see "Authorizing a personal access token for use with SAML single sign-on."

Using a token on the command line

如果您有令牌,则可以在通过 HTTPS 执行 Git 操作时输入令牌,而不是密码。


$ git clone
Username: your_username
Password: your_token

Personal access tokens can only be used for HTTPS Git operations. If your repository uses an SSH remote URL, you will need to switch the remote from SSH to HTTPS.

If you are not prompted for your username and password, your credentials may be cached on your computer. You can update your credentials in the Keychain to replace your old password with the token.

Instead of manually entering your PAT for every HTTPS Git operation, you can cache your PAT with a Git client. Git will temporarily store your credentials in memory until an expiry interval has passed. You can also store the token in a plain text file that Git can read before every request. For more information, see "Caching your GitHub credentials in Git."

Further reading