I believe Personal Access Tokens (PATs) are a great way to securely authenticate git operations for GitHub. In this blog, I will demonstrate and explain how and why I use PATs for secure GitHub authentication. One main reason for this post is that I recently created an automation tool called SAP that allows anyone to easily switch between multiple GitHub accounts without the hassle of SSH keys.
Disclaimer
I am not going to argue about SSH vs. HTTPS for managing GitHub accounts, as I believe both are great options that can also be used together. This is simply my opinion on the best method for securely authenticating any git operations. I could be wrong and might change my opinion in the future, so please take this information with a grain of salt.
Why I Use PATs
When you have multiple GitHub accounts and need to switch between them while securely authenticating the operations of those accounts without using SSH keys, Personal Access Tokens (PATs) are essential. This is due to their flexibility, which allows you to choose the lifespan of your Personal Access Tokens as well as select the type of access you want a PAT to have. In my opinion, this flexibility and customizability are the main reasons why I use PATs.
How to Create PATs
To create a PAT, follow these steps:
- Click on Settings.
- Navigate to Developer Settings.
- Click on Generate new token (classic) from the Personal Access Tokens section.
- Customize your PAT settings.
- After customizing, click Generate Token. Your newly generated token should resemble the one shown in the image.
Using a PAT
You will need to use a PAT because you cannot use your GitHub account password for authentication. Your PAT should authenticate any Git operation based on the permissions you granted to it.
The Good and Downside of Using PATs
The only downside of using PATs, in my opinion, is that you are responsible for storing the token that is generated and ensuring it is stored securely to prevent getting hacked. However, I believe the advantages of PATs can be used to mitigate this downside. PATs give you the ability to set a very short lifespan and customize the operations a specific token can access. Additionally, you can always delete tokens after each working session and create a new token when you start a new session to avoid the downside. This flexibility provides many creative ways to use PATs securely.
To Conclude
I hope you have gained something valuable from this blog. If you like PATs, then I think you should also consider using SAP, the automation tool that allows you to switch between multiple GitHub accounts. Thanks for reading!