GitHub requires users to follow a few security measures to authenticate our GitHub account on our machine, and so that we don't have to provide our account credentials each time we make requests with GitHub, such as through the command line.
- Create a personal access token
- Add a SSH key
Personal Access Tokens are used as an alternate password when interacting with GitHub in the command line. We will be using a Classic Personal Access Token, which allows your command line access to all of your repositories.
If you have worked with GitHub through the command line in the past, you can first check if you already have a Classic Personal Access Token by following steps 1-4 in this guide: Creating a Classic Personal Access Token
If you have a token listed with repo permissions, then you are all set with this step and
If no tokens are listed, continue through steps 9. Take note of our recommendations on these steps:
- Step 5: be sure to select
Generate new token (classic) - Step 6: the token name can be anything, we suggest something as
command line - Step 7: choose
No expiration - Step 8: check the box for
repo
In the next step when you interact with GitHub through the command line and are prompted to enter your account credentials, provide this personal access token in place of your password.
GitHub uses SSH (Secure Shell Protocol) keys as a way to keep us "signed in" to GitHub in the command line so that we can interact with repositories without authenticating our account each time.
Before creating a new SSH key, you can check for an existing one following this guide: Checking for existing SSH key
If the output in the terminal from checking for an existing SSH key returns a message that includes something such as No such file or directory, you will need to create a SSH key.
To create a new SSH key, follow steps 1-3 here: Generating a new SSH key
Once the key has been created you will need to add it to your GitHub account: Adding a new SSH key
As you continue on with the material and interact with GitHub in the terminal, you may be asked to sign in to GitHub in the terminal to authenticate your account. Commands like git clone, for example might ask for this.
You will want to use the Personal Access Token in place of your password when providing your account credentials - this ensures that you will remain signed in through the terminal and do not need to verify your account again.
Follow here for an example of entering the Personal Access Token in the command line: Using a token in the command line
If you are not prompted, it might be because your credentials are already stored on your machine, such as with masOS Keychain. You will want to update the password saved with your credentials to instead reference your personal access token. Use this guide to update your Keychain credentials: Updating credentials from the macOS Keychain
Finally, please run the following command in your terminal to configure git's merge strategy:
git config pull.rebase false
This is the default merge strategy for resolving merging one version of the codebase into an existing branch. Don't sweat what's going on here unless you want to look into rebasing!
With the personal access token and SSH key added, you should no longer be prompted to enter your GitHub credentials in the command line. The Personal Access Token will be treated as a special password to verify your account, and the SSH key allows you to stay signed in to GitHub through the command line.