Getting started with GitHub on macOS often requires authenticating your actions with a Personal Access Token (PAT). This guide will walk you through the steps to generate and install a GitHub PAT, ensuring you can securely access your repositories from the command line. Whether you’re new to GitHub or just setting up on a new machine, this tutorial will help you quickly get up and running.
OBJECTIVES & TOOLS:
OBJECTIVE: To get the developer to install a personal access token on a computer running MacOS or Linux.
You will need access and familiarity with the following to complete this task:
- Computer running a recent version of MacOS.
- Terminal (BaSH)
- Text Editor
- Web Browser
- GitHub.com Account
CREATING A PERSONAL ACCESS TOKEN (CLASSIC)
NOTE: Your personal access token (classic) can access every repository that you can access. GitHub recommends that you use fine-grained personal access tokens instead, which you can restrict to specific repositories. Fine-grained personal access tokens also enable you to specify fine-grained permissions instead of broad scopes.You can and should update and secure your tokens as you progress through your learning and experience.
PATs can be reset and revoked at any time. The data and projects in your online repositories on GitHub will be safe.
Comparing PAT and SSH
excerpt from: https://locall.host/pat-vs-ssh-github/
Compare Personal Access Tokens (PAT) and Secure SHell (SSH) methods based on their features, security, and ease of use.
Personal Access Token (PAT)
Features
- Customizable permissions: Grant specific access levels to each token.
- Expirable tokens: Set an expiration date for each token to enhance security.
- Easy to manage and revoke: View and revoke tokens directly from the account’s settings.
Security
- Though considered more secure than passwords, PATs still pose a risk if they’re exposed or leaked. In such cases, it is essential to revoke the token immediately to prevent unauthorized access.
Ease of Use
- Integrating PATs into your workflow is simple, as it’s just a matter of replacing passwords with tokens during Git operations over HTTPS.
Secure SHell (SSH)
Features
- Strong encryption: Uses cryptographic protocols for secure communication.
- Key-based authentication: Eliminates the need for passing passwords over the network.
- Widely adopted and supported: Trusted by developers worldwide.
Security
- The use of key pairs ensures that only the public key is exposed, while the private key remains secure. As long as the private key is kept secret and protected, SSH provides a high level of security.
Ease of Use
- Setting up and using SSH keys may require additional steps and configuration, but once done, you’ll enjoy seamless and efficient authentication without the need for tokens or passwords.
Conclusion: Which Method to Choose?
Deciding between PAT vs SSH Github ultimately depends on your specific requirements and preferences. If you prefer an easy-to-use solution with customizable permissions, then PATs are the way to go. However, if you’re looking for a more robust and secure method that eliminates the need for managing tokens, then SSH is the better choice.
In either case, remember to follow best practices for securing your authentication credentials. For PATs, this means storing tokens securely and setting appropriate expiration dates. For SSH, ensure your private keys are protected and never shared. By doing so, you’ll maintain a secure and efficient workflow while accessing your Github repositories.
WATCH FIRST
Watch the recording first, then follow the step by step directions to get the Personal Access Token installed into your Operating System.
Generate a Personal Access Token
- In the upper-right corner of any page, click your profile photo, then click Settings.
- In the left sidebar, click Developer settings.
- In the left sidebar, under Personal access tokens, click Tokens (classic).
- Select Generate new token, then click Generate new token (classic).
- In the “Note” field, give your token a descriptive name for example: https://meet.google.com/ujs-hidw-jdq1)
- To give your token an expiration, select Expiration, then choose a value. Select “No Expiration” for this token. (X2)
- Under “Select Scopes”, select the first checkbox that says “repo”. (X3)
- Click Generate token. (X4)
- Copy the new token to your clipboard and save it to a safe place. (X5)
NOTE: Keep this page open, or copy the token code to a text document, while you complete this process. If you lose the token it will have to be regenerated.
IMPORTANT! You will need to paste it into the password field in the terminal when it prompts (asks) you to do so.
INSTALL PERSONAL ACCESS TOKEN
Starting the process, opening terminal.app, and navigating to the correct folders from instructions.
- Launch the “terminal“. You can launch the terminal with either of the 2 options below.
- CMD + Spacebar and type in terminal.app and hit enter.
- Open a finder window and go to Applications > Utilities > Terminal.app
- Type pwd into the terminal and press enter. You should see output similar to: “Users/username/“
- Navigate to your “Documents” folder by by typing the following on the command line in the terminal: [ cd Documents ]
- Create a new folder for classwork called “Projects” inside the “Documents” folder by typing the following on the command line in the terminal: [ mkdir Projects ] (if needed-this may have been created in class previously)
- In the terminal navigate to your “Projects” folder with the command: [ cd Projects/ ]
- Create a new folder called “token-install” with the command: [ mkdir token-install ]
- Change directory and go into the new “token-install” folder using: [ cd token-install ]
- Keep this terminal window open. You will need it again.
Create the token install repository.
- Open a web browser and navigate to https://github.com, please login to the site.
- Click the [ + ] icon in the top right and click on “New repository”
- Name the repository “token-install”.
- Select “Private” and leave the other options as defaults.
- Press the “Create Repository” button.
- Copy the block of commands from the github.com website and paste them into your terminal and then press [ ENTER ] or [ RETURN ] on your keyboard.
NOTE: This is just an example of the steps to follow DO NOT COPY. It will not work. Please use the code that was created for you on the github.com website and make sure you are in the correct folder in the terminal.
- It will spit out a few lines then should stop and ask you for your-github-username.
- Please type in your github.com username in the Terminal window and press “Enter”
- Then you should see it asking for your Password. DO NOT TYPE IN YOUR PASSWORD FOR GITHUB. Go to next step.
- You now need to go back and copy the Personal Access Token you created earlier for the next step.
- Copy (cmd + c) your Personal Access Token from the GitHub.com website or the text file you created earlier.
- Paste (cmd + p) your Personal Access Token that you created earlier into the command line and click enter. (the cursor may also just flash)
- The repository commands should finish. Please try a [ git status ] to verify it completed. You should see a message that looks like “On branch main – Your branch is up to date with origin/main” in the terminal.
- Your Personal Access Token (PAT) for github.com is now installed.
NOTE: You may remove this repo once you are done with it. It was just created to install the token. If you have any issues please contact a mentor.