Skip to content

Instantly share code, notes, and snippets.

@jonjack
Last active October 10, 2024 22:24
Show Gist options
  • Save jonjack/bf295d4170edeb00e96fb158f9b1ba3c to your computer and use it in GitHub Desktop.
Save jonjack/bf295d4170edeb00e96fb158f9b1ba3c to your computer and use it in GitHub Desktop.
Adding & Updating GitHub Access Token on Mac

Using an Access Token for the first time

Follow the instructions on Github to Create an Access Token in Github

Configure Git to use the osxkeychain

By default, git credentials are not cached so you need to tell Git if you want to avoid having to provide them each time Github requires you to authenticate. On Mac, Git comes with an “osxkeychain” mode, which caches credentials in the secure keychain that’s attached to your system account.

You can tell Git you want to store credentials in the osxkeychain by running the following:-

git config --global credential.helper osxkeychain

Add your access token to the osxkeychain

Now issue a command to interract with Github which requires authentication, eg. git clone or git pull. When you are prompted to supply your Password for 'https://[email protected]': you enter your access token instead. Your token should now get cached in the osxkeychain automatically.

$ git clone https://github.com/username/repo.git

Cloning into 'repo'...
Username for 'https://github.com': your_github_username
Password for 'https://[email protected]': your_access_token

Updating an existing Access Token

Regenerate token on Github

If your existing token has expired, or been revoked, or you are on a new machine and do not have access to the existing token then you can regerate a new one in the Github console Settings -> Developer settings -> Personal access tokens.

Remove an existing token from your Mac keychain

You can remove an existing password or token stored in the osxkeychain using the following command.

$ git credential-osxkeychain erase ↵
host=github.com ↵
protocol=https ↵
↵

You should now be prompted for your Github credentials when attempting a git pull/clone/push etc and your token should automatically get stored in the osxkeychain. If subsequent calls to Github repeatedly prompt you for your credentials then likely the credential.helper is not set - see next section.


Troubleshooting

$ git pull

remote: Invalid username or password.
fatal: Authentication failed for 'https://github.com/user/repo.git/'

If authentication fails and you are not prompted to enter your credentials, like in the above example, or you are repeatedly challenged by Github for your credentials, then check if you have the credential.helper set.

git config --global credential.helper

If not, or it is set to something other than osxkeychain, then update/set it.

git config --global --unset credential.helper
git config --global credential.helper osxkeychain

Then try again and you should now be prompted for your credentials.

$ git clone https://github.com/username/repo.git

Cloning into 'repo'...
Username for 'https://github.com': your_github_username
Password for 'https://[email protected]': your_access_token

Ensure you provide your access token rather than password when prompted.

@shriram
Copy link

shriram commented Jul 6, 2024

Thanks @jeremykoerber — that's the only thing that has worked for me. However, it's not clear to me what token and over what scopes and time gets installed by this process. Another option, which provides more fine-grained access, is the following (after installing the gh CLI, as you did): run

gh auth login

and provide these answers:

? What account do you want to log into?
GitHub.com
? What is your preferred protocol for Git operations on this host?
HTTPS
? Authenticate Git with your GitHub credentials?
No

This forces gh to ask:

? How would you like to authenticate GitHub CLI?

To which you can select Paste an authentication token. This then provides a prompt where you can paste in your token. The token needs to have repo and read:org scopes at a minimum.

To confirm, one can run

gh auth token

and this will show the newly-created token, which should match the "copy this or forever lose access to it" text shown on the Web.

@KarinaBeliveau
Copy link

Thanks for sharing it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment