
GitHub Fine Grained Personal Access Token

Description

General

  • Documentation: https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens

  • Summary: GitHub Fine-Grained Personal Access Tokens are a more granular and secure alternative to classic Personal Access Tokens. These tokens allow users to define highly specific permissions for accessing repositories, organizations, or other resources.

  • IPs allowlist: No

  • Scopes: Fine-Grained Personal Access Tokens can have a wide variety of permissions, including read/write access to specific repositories, workflows, or packages. For a full list of available permissions, refer to the GitHub documentation.

Revoke the secret

Tokens can be revoked from the access tokens panel. Navigate to the "Fine-grained tokens" section and delete the token to revoke access.

Check for suspicious activity

There is no way to check the exact last API calls made with a token. However, GitHub provides security logs to review account activity and detect suspicious behavior.

Details for GitHub fine-grained PAT

  • Family: token

  • Category: version_control_platform

  • Company: GitHub

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 45.53

  • Prefixed: False

  • PreValidators:

    - type: ContentWhitelistPreValidator
      patterns:
        - github_pat_

Examples

    - text: 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
      apikey: 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

    # Fat-fingered secret
    - text: g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
      apikey: 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
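
The following added sketch, which is not the detector's own code, shows how the pre-validator and the two examples above fit together: a cheap substring gate runs first, then a pattern match that still recovers the token from the fat-fingered input. The token shape in the regex is an assumption inferred from the example on this page, and the function names are hypothetical.

```python
from __future__ import annotations
import re

# Substring gate mirroring the ContentWhitelistPreValidator pattern listed above.
PREVALIDATOR_PATTERNS = ("github_pat_",)

# Assumed shape, inferred from this page's example token:
# "github_pat_" + 22 alphanumerics + "_" + 59 alphanumerics (93 characters).
# There is deliberately no leading word boundary, so "ggithub_pat_..." still matches.
# The trailing lookahead rejects over-long runs that are not a complete token.
TOKEN_RE = re.compile(r"github_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}(?![A-Za-z0-9])")

MIN_MATCHES = 1  # "Minimum number of matches: 1"

# Example token copied from this page's Examples section.
PAGE_EXAMPLE = ("github_pat_22BEXUD2A0GiK9sDBQh1R6_"
                "sBtaunqbwTmpj4aGGUlhyh5gUt2nf4y6raTq2VBm1HER66OHEO4U43H0mV1")


def passes_prevalidator(content: str) -> bool:
    """Skip the regex entirely when the content cannot contain a token."""
    return any(p in content for p in PREVALIDATOR_PATTERNS)


def find_tokens(content: str) -> list[str]:
    """Return candidate fine-grained PATs found in content."""
    if not passes_prevalidator(content):
        return []
    matches = TOKEN_RE.findall(content)
    return matches if len(matches) >= MIN_MATCHES else []


def redact(token: str) -> str:
    """Keep the prefix and last four characters so alerts never carry the secret."""
    return token[:15] + "*" * (len(token) - 19) + token[-4:]


if __name__ == "__main__":
    samples = [                                  # constructed inputs
        "GITHUB_TOKEN=" + PAGE_EXAMPLE,          # plain assignment
        "g" + PAGE_EXAMPLE,                      # fat-fingered case from the page
        "token: " + PAGE_EXAMPLE[:-5],           # truncated paste, not a full token
        "nothing secret in this line",           # fails the pre-validator
    ]
    for line in samples:
        print([redact(t) for t in find_tokens(line)])
```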