Git Guides
Git Guides is an open-source collection of clear, beginner-friendly tutorials that introduce the fundamentals of Git. It provides concise explanations of core concepts, essential commands, and common workflows, offering a reliable starting point for learning how to manage versioned projects and collaborate effectively with Git.
Choosing an Authentication Method for GitHub
| Authentication Method | When to Use It |
|---|---|
| SSH Keys (Preferred) | For most users performing regular Git operations, especially on trusted personal or work machines. Ideal when you need a secure, long-lived authentication method without entering credentials. |
| Fine-Grained Personal Access Tokens (FGPATs) | When you need highly specific, restricted, time-bound access for scripts, applications, CI/CD systems, or when least-privilege access is required. |
| Personal Access Tokens (Classic) | Only when required by legacy workflows or integrations that do not yet support FGPATs. Best used temporarily or during a transition to more secure authentication. |
If you already cloned App State repos, update the remote: Clone with HTTPS and use Personal Access Tokens instead of SSH: To generate a token, open your GitHub settings and click on Developer settings, then Personal Access Tokens. For more information, see Connecting to GitHub with SSH.Setting Up and Using SSH Keys
ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519_appstate
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519_appstate
Add a Public Key to GitHub
pbcopy < ~/.ssh/id_ed25519_appstate.pub
cat ~/.ssh/id_ed25519_appstate.pub
cat ~/.ssh/id_ed25519_appstate.pub | clip
Clone Repositories
git clone [email protected]:username/repo.git
git clone git@github-appstate:username_appstate/repo.git
Update Existing Repos
git remote set-url origin git@github-appstate:username_appstate/repo.git
Test Connections
ssh -T [email protected]
ssh -T git@github-appstate
Alternative: Use HTTPS
git clone https://github.com/username_appstate/repo.git
Setting Up and Using Fine-Grained Personal Access Token
Fine-grained personal access tokens (PATs) are a more secure and flexible alternative to classic PATs. They allow users to authenticate with GitHub while granting precise, limited access to specific resources.
Unlike classic PATs, which offer broad access across all repositories and organizations a user can access, fine-grained PATs allow for granular control over:
- Which repositories the token can access
- What actions the token can perform (e.g., read-only, write access)
- Which organization resources are accessible
Advantages Over Classic PATs
- Tokens are scoped to a single user or organization
- Access is limited to specific repositories
- Permissions are explicitly defined per token
- Organization owners can require approval for tokens accessing their resources
Why Use Classic PATs?
While fine-grained PATs are more secure, classic PATs are still required for certain use cases:
- Only classic PATs can write to public repositories not owned by you or your organization
- Outside collaborators must use classic PATs to access organization repositories
- Some REST API endpoints are only accessible with classic PATs. To check whether an endpoint also supports fine-grained personal access tokens, see the documentation for that endpoint, or see Endpoints available for fine-grained personal access tokens.
Managing Fine-Grained PATs
Treat all PATs like passwords:
- Do not share them
- Store them securely (e.g., in a password manager)
- Revoke them when no longer needed
Create or Manage PATs
You can manage fine-grained PATs from your GitHub account:
Create a Fine-Grained PAT
Steps:
- Give the token a descriptive name
- Set an expiration date (can be set to "no expiration")
- Select the specific repositories the token should access
- Choose only the permissions needed for the task
- Save and store the token securely
Tip
It’s better to start with minimal permissions and expand only if needed. You can always delete and recreate tokens as necessary.
Sample Use Cases at App State
- Grant automated tools push/pull access to specific repositories only
- Allow students to read and respond to GitHub issues without commit access
- Enable an automation script to manage SSH keys
- Allow an external application to access a user’s GitHub Copilot license
Setting Up and Using Personal Access Tokens (Classic)
Overview
Personal Access Tokens (PATs) are an alternative to using passwords for authentication to GitHub when using the Git command line or API. They're required when using HTTPS with Git operations.










