While developing in Godot, and using the GitHub plugin, it was very difficult to figure out how to create a fine-grained PAT on GitHub. In fact, searches on it mostly turned up people complaining about how difficult it was. It the process of making a course on learning professional development skills while making a game, we ended up writing down the steps. We added it to the Godot GitHub Plugin Wiki, and thought it might be helpful here too.
If you're wondering why you'd use a PAT - don't. An SSH key is a better solution. It's more secure than having to copy and paste a text string you have to put somewhere. But, if you know you need a PAT, here's how to make one that limits the risks.
How to Make a Fine-grained Personal Access Token (PAT)
- Click your profile photo.
- Select Settings. (Near the bottom).
- Click <> Developer Settings in the left sidebar. (It’s the last option.)
- Click Personal access tokens in the left sidebar.
- Click Fine-grained token.
- Click Generate new token.
- Name it whatever project(s) for which you are making it.
- Set the Expiration for as long as you like. (We don’t recommend over 90 days).
- Make a note to yourself in the Description field. (You'll be glad you did this in a month.)
- Select Only select repositories under Repository access.
- Click the Select Repositories dropdown button that just appeared. 12. Select your repo(s). (You can add as many as you like.)
- Open Repository permissions under the Permissions header.
- Select Read and Write from the Contents dropdown.
- Click the green Generate token button at the bottom of the page.
- Copy your token and store it somewhere secure. You cannot come back to Git to see what it is later, and will have to make a new one if you lose this one.
You now have a PAT limited to only the repos you selected, and just has basic read access to metadata, and read/write access to code. This is all the access 99% of people need from the command line on their computer.
Top comments (0)