GitHub Fine Grained Personal Access Token

Description

General

• Documentation: https://docs.github.com/en/rest/overview/permissions-required-for-fine-grained-personal-access-tokens

• Summary: GitHub Fine-Grained Personal Access Tokens are a more granular and secure alternative to classic Personal Access Tokens. These tokens allow users to define highly specific permissions for accessing repositories, organizations, or other resources.

• IPs allowlist: No

• Scopes: Fine-Grained Personal Access Tokens can have a wide variety of permissions, including read/write access to specific repositories, workflows, or packages. For a full list of available permissions, refer to the GitHub documentation.

Revoke the secret

Tokens can be revoked from the access tokens panel. Navigate to the "Fine-grained tokens" section and delete the token to revoke access.

Check for suspicious activity

There is no way to check the exact last API calls made with a token. However, GitHub provides security logs to review account activity and detect suspicious behavior.

Details for Github fine grained pat

• Family: token

• Category: version_control_platform

• Company: GitHub

• High recall: False

• Validity check available: True

• Analyzer available: False

• On-premise instances exist: True

• Only valid secrets raise an alert: False

• Minimum number of matches: 1

• Occurrences found for one million commits: 45.53

• Prefixed: False

• PreValidators:

- type: ContentWhitelistPreValidator
  patterns:
    - github_pat_

Examples

- text: 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
  apikey: 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

# Fat-fingered secret
- text: g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
  apikey: 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