First, it is important to get used to generating a Personal Access Token (PAT). On GitHub, you can follow the tutorial Creating a personal access token.
Although it looks like one, a token is not a simple password. You can generate multiple tokens (e.g. one per machine) or revoke access any time you want. That makes it easy for us to manage access to our GitHub account.
As highlighted by GitHub in Creating a personal access token:
Once you have a token, you can enter it instead of your password when performing Git operations over HTTPS.
So, it is possible to use it instead of your password when cloning a private repository:
$ git clone https://github.com/username/private-repo.git
Username: your_username
Password: your_token
GitHub recommends that you use Git Credential Manager Core (GCM Core) to remember your credentials.
Instead of manually entering your PAT for every HTTPS Git operation, you can cache your PAT with a Git client. Git will temporarily store your credentials in memory until an expiry interval has passed. You can also store the token in a plain text file that Git can read before every request.
The installation instructions can be found in the GitHub README.md.
There are several methods for storing credentials that GCM Core manages on Linux platforms. In the documentation of Credential stores on Linux, you can find all available methods.
We could choose plaintext, but this credential store saves credentials to plaintext files in your file system. It isn't a secure method, since the PAT remains exposed on your host.
Instead, use libsecret. If it's not already pre-installed on your machine, use the following procedure:
- Make sure libsecret is installed:
sudo apt install libsecret-1-0 libsecret-1-dev
- Then build the credential helper from the sources shipped with libsecret's development libraries:
sudo make --directory=/usr/share/doc/git/contrib/credential/libsecret
- Finally, register the freshly compiled binary as a Git credential helper:
git config --global credential.helper \
/usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret
So, if you clone a private repository and enter your PAT instead of your password, Git will store it securely on your computer.
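To confirm that the helper configured above is backed by the keyring, and that an earlier plaintext setup did not leave a token on disk, the following check can be run. It is an added example, not part of the original article or of GCM Core; the function names are hypothetical, and the paths assumed are Git's default store files (~/.git-credentials, ~/.config/git/credentials) and GCM's default plaintext store (~/.gcm/store).

```shell
#!/bin/sh
# Added example: classify the credential helper and find plaintext stores.

# $1 = credential.helper value, $2 = GCM credential.credentialStore value.
# Prints where the secret ends up: none, plaintext, memory, keyring, unknown.
classify_helper() {
    case "$1" in
        "")              echo none ;;
        store|store\ *)  echo plaintext ;;    # git-credential-store
        cache|cache\ *)  echo memory ;;       # git-credential-cache
        *libsecret*)     echo keyring ;;      # helper built in the steps above
        *manager*)       case "$2" in         # GCM: depends on the chosen store
                             plaintext)     echo plaintext ;;
                             secretservice) echo keyring ;;
                             cache)         echo memory ;;
                             *)             echo unknown ;;
                         esac ;;
        *)               echo unknown ;;
    esac
}

# List plaintext credential files under home directory $1, one per line.
# EXPOSED = group or others have some permission; PRIVATE = owner only.
# A PRIVATE file is still a token in cleartext on disk.
plaintext_files() {
    for p in "$1/.git-credentials" "$1/.config/git/credentials" "$1/.gcm/store"; do
        [ -e "$p" ] || continue
        find "$p" -type f | while read -r f; do
            bits=$(ls -ld "$f" | cut -c5-10)   # group+other permission bits
            if [ "$bits" = "------" ]; then
                echo "PRIVATE $f"
            else
                echo "EXPOSED $f"
            fi
        done
    done
}

# Constructed demo: throwaway home with one world-readable credential file.
demo_home=$(mktemp -d)
printf 'https://your_username:CONSTRUCTED_TOKEN@github.com\n' \
    > "$demo_home/.git-credentials"
chmod 644 "$demo_home/.git-credentials"
classify_helper "store"
plaintext_files "$demo_home"
rm -rf "$demo_home"
```

On a real machine, pass the output of git config --global credential.helper and git config --global credential.credentialStore to classify_helper, and "$HOME" to plaintext_files. Any file it lists should be deleted and the token inside it revoked.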
GCM Core highlights that,
It stores credentials securely in 'collections', which can be viewed by tools such as secret-tool and seahorse. A graphical user interface is required in order to show a secure prompt to request a secret collection be unlocked.
So, to view your PAT you can use secret-tool, following this procedure:
- Make sure secret-tool is installed:
sudo apt install libsecret-tools
- secret-tool stores credentials as key/value pairs. So, you can show your PAT by looking up the credential associated with the github.com server.
secret-tool lookup server github.com
Conclusion
I hope you found this article helpful. If you need any help please let me know in the comment section.
Let's connect on GitHub and LinkedIn.
👋 Thanks for reading, see you next time.
References
This article is a compilation made from different source materials cited below: