Create a personal access token on your application settings page. For more information, see "Creating a personal access token."
- You must verify your email address before you can create a personal access token. For more information, see "Verifying your email address."
- We recommend that you regularly review your authorized integrations. Remove any applications and tokens that haven't been used in a while. For more information, see "Reviewing your authorized integrations."
As a security precaution, GitHub automatically removes personal access tokens that haven't been used in a year. To provide additional security, we highly recommend adding an expiration to your personal access tokens.
Once you have a token, you can enter it instead of your password when performing Git operations over HTTPS.
For example, on the command line you would enter the following:
$ git clone https://github.com/username/repo.git Username: your_username Password: your_token
To avoid these prompts, you can use Git password caching. For information, see "Caching your GitHub credentials in Git."
Warning: Tokens have read/write access and should be treated like passwords. If you enter your token into the clone URL when cloning or adding a remote, Git writes it to your .git/config file in plain text, which is a security risk.