Creating a personal access token

You should create a personal access token to use in place of a password with the command line or with the API.

In this article

Did this doc help you?

Personal access tokens (PATs) are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line.

If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT. For more information, see "About authentication with SAML single sign-on" and "Authorizing a personal access token for use with SAML single sign-on."

As a security precaution, GitHub automatically removes personal access tokens that haven't been used in a year.

Creating a token

  1. Verify your email address, if it hasn't been verified yet.

  2. In the upper-right corner of any page, click your profile photo, then click Settings.

    Settings icon in the user bar

  3. In the left sidebar, click Developer settings.

    Developer settings

  4. In the left sidebar, click Personal access tokens.

    Personal access tokens

  5. Click Generate new token.

    Generate new token button

  6. Give your token a descriptive name.

    Token description field

  7. Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select repo.

    Selecting token scopes

  8. Click Generate token.

    Generate token button

  9. Click to copy the token to your clipboard. For security reasons, after you navigate off the page, you will not be able to see the token again.

    Newly created token

    Warning: Treat your tokens like passwords and keep them secret. When working with the API, use tokens as environment variables instead of hardcoding them into your programs.

  10. To use your token to authenticate to an organization that uses SAML SSO, authorize the token for use with a SAML single-sign-on organization.

Using a token on the command line

Once you have a token, you can enter it instead of your password when performing Git operations over HTTPS.

For example, on the command line you would enter the following:

$ git clone
Username: your_username
Password: your_token

Personal access tokens can only be used for HTTPS Git operations. If your repository uses an SSH remote URL, you will need to switch the remote from SSH to HTTPS.

If you are not prompted for your username and password, your credentials may be cached on your computer. You can update your credentials in the Keychain to replace your old password with the token.

Further reading

Did this doc help you?