PATs

PATs, or Personal Access Tokens, are credentials used to authenticate to services that implement token-based authentication. They are typically long-lived strings issued to a user and used to access APIs or command-line tools on that user’s behalf. PATs function as bearer tokens and can be presented in API requests in place of a password, often via an Authorization header or as a user password in basic authentication, depending on the service.

Creation and scope: PATs are created by a user in the service’s security or developer settings. They are configured with a scope or permissions profile that limits what the token can do (for example, read access to repositories or full administrative rights). They may expire after a set period and can be revoked by the user at any time. Some platforms support organization- or project-scoped PATs and policy controls.

Usage: PATs are commonly used for automated workflows, scripts, and continuous integration and deployment pipelines where interactive login is impractical. They are often used in place of passwords in API calls. Because tokens grant access, they should be stored securely and not embedded in source code or logs; prefer secret management tools and environment variables. Rotate tokens regularly and revoke unused ones.

Security considerations: If a PAT is compromised, an attacker may perform any action permitted by its scope until it is revoked. Limit token scope to the minimum required, monitor usage, and apply access controls. Prefer short-lived tokens or OAuth-based authentication when possible, and use SSH keys for version control where supported. Regular audits of token creation and revocation are recommended.
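
The handling described above (token read from the environment, presented as a bearer header or as the basic-authentication password, and kept out of logs), as an added example that is not part of the original page. The variable name `SERVICE_PAT`, the username and the token value are constructed assumptions.

```python
import base64
import logging
import os
import re

TOKEN_ENV = "SERVICE_PAT"  # assumed name; set by a secret manager or CI, never in source


def load_token(env=os.environ):
    """Read the PAT from the environment and fail closed if it is missing."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set; refusing to use a default")
    return token


def bearer_header(token):
    """Token presented as a bearer credential in the Authorization header."""
    return {"Authorization": f"Bearer {token}"}


def basic_header(username, token):
    """Token presented as the password half of HTTP basic authentication."""
    raw = f"{username}:{token}".encode()
    return {"Authorization": "Basic " + base64.b64encode(raw).decode()}


class RedactAuth(logging.Filter):
    """Mask Authorization credentials and the raw token in log records."""
    _scheme = re.compile(r"(?i)\b(Bearer|Basic)\s+[A-Za-z0-9._~+/=-]+")

    def __init__(self, token):
        super().__init__()
        self._token = token

    def filter(self, record):
        msg = self._scheme.sub(r"\1 [REDACTED]", record.getMessage())
        record.msg, record.args = msg.replace(self._token, "[REDACTED]"), None
        return True


if __name__ == "__main__":
    tok = load_token({TOKEN_ENV: "constructed-token-123"})  # constructed value
    handler = logging.StreamHandler()
    handler.addFilter(RedactAuth(tok))
    log = logging.getLogger("pat-demo")
    log.addHandler(handler)
    log.warning("request headers: %s", bearer_header(tok))
    log.warning("request headers: %s", basic_header("alice", tok))
```
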