[{"data":1,"prerenderedAt":778},["ShallowReactive",2],{"navigation_docs":3,"-engineering-github-personal-access-token":209,"-engineering-github-personal-access-token-surround":774},[4,8,50,75,133,149,162,171,205],{"title":5,"path":6,"stem":7},"Introduction","\u002Fintroduction","0.introduction",{"title":9,"path":10,"stem":11,"children":12,"page":49},"Company","\u002Fcompany","1.company",[13,17,21,25,29,33,37,41,45],{"title":14,"path":15,"stem":16},"About","\u002Fcompany\u002Fabout","1.company\u002F0.about",{"title":18,"path":19,"stem":20},"Values","\u002Fcompany\u002Fvalues","1.company\u002F1.values",{"title":22,"path":23,"stem":24},"Communication","\u002Fcompany\u002Fcommunication","1.company\u002Fcommunication",{"title":26,"path":27,"stem":28},"Competition","\u002Fcompany\u002Fcompetition","1.company\u002Fcompetition",{"title":30,"path":31,"stem":32},"Hybrid Working","\u002Fcompany\u002Fhybrid-working","1.company\u002Fhybrid-working",{"title":34,"path":35,"stem":36},"Operations","\u002Fcompany\u002Foperations","1.company\u002Foperations",{"title":38,"path":39,"stem":40},"Policies","\u002Fcompany\u002Fpolicies","1.company\u002Fpolicies",{"title":42,"path":43,"stem":44},"Product","\u002Fcompany\u002Fproduct","1.company\u002Fproduct",{"title":46,"path":47,"stem":48},"Security","\u002Fcompany\u002Fsecurity","1.company\u002Fsecurity",false,{"title":51,"path":52,"stem":53,"children":54,"page":49},"People Ops","\u002Fpeople-ops","2.people-ops",[55,59,63,67,71],{"title":56,"path":57,"stem":58},"Compensation","\u002Fpeople-ops\u002Fcompensation","2.people-ops\u002Fcompensation",{"title":60,"path":61,"stem":62},"Education","\u002Fpeople-ops\u002Feducation","2.people-ops\u002Feducation",{"title":64,"path":65,"stem":66},"Expenses","\u002Fpeople-ops\u002Fexpenses","2.people-ops\u002Fexpenses",{"title":68,"path":69,"stem":70},"Holiday & Leave","\u002Fpeople-ops\u002Fleave","2.people-ops\u002Fleave",{"title":72,"path":73,"stem":74},"Onboarding","\u002Fpeople-ops\u002Fonboarding","2.people-ops\u002Fonboarding",{"title":76,"path":77,"stem":78,"children":79,"page":49},"Engineering","\u002Fengineering","3.engineering",[80,84,88,92,96,117,121,125,129],{"title":81,"path":82,"stem":83},"Development Setup","\u002Fengineering\u002Fdevelopment-setup","3.engineering\u002F1.development-setup",{"title":85,"path":86,"stem":87},"Contributing","\u002Fengineering\u002Fcontributing","3.engineering\u002Fcontributing",{"title":89,"path":90,"stem":91},"Production Database","\u002Fengineering\u002Fdatabase-connection","3.engineering\u002Fdatabase-connection",{"title":93,"path":94,"stem":95},"Deployment","\u002Fengineering\u002Fdeployment","3.engineering\u002Fdeployment",{"title":97,"path":98,"stem":99,"children":100,"page":49},"Github","\u002Fengineering\u002Fgithub","3.engineering\u002Fgithub",[101,105,109,113],{"title":102,"path":103,"stem":104},"Packages","\u002Fengineering\u002Fgithub\u002Fpackages","3.engineering\u002Fgithub\u002Fpackages",{"title":106,"path":107,"stem":108},"Personal Access Token","\u002Fengineering\u002Fgithub\u002Fpersonal-access-token","3.engineering\u002Fgithub\u002Fpersonal-access-token",{"title":110,"path":111,"stem":112},"Troubleshooting","\u002Fengineering\u002Fgithub\u002Ftroubleshooting","3.engineering\u002Fgithub\u002Ftroubleshooting",{"title":114,"path":115,"stem":116},"Workflows","\u002Fengineering\u002Fgithub\u002Fworkflows","3.engineering\u002Fgithub\u002Fworkflows",{"title":118,"path":119,"stem":120},"Platform Ops","\u002Fengineering\u002Fplatform-ops","3.engineering\u002Fplatform-ops",{"title":122,"path":123,"stem":124},"Project Management","\u002Fengineering\u002Fproject-management","3.engineering\u002Fproject-management",{"title":126,"path":127,"stem":128},"Releases","\u002Fengineering\u002Frelease","3.engineering\u002Frelease",{"title":130,"path":131,"stem":132},"Tools","\u002Fengineering\u002Ftools","3.engineering\u002Ftools",{"title":134,"path":135,"stem":136,"children":137,"page":49},"Design","\u002Fdesign","4.design",[138,142,146],{"title":139,"path":140,"stem":141},"Branding","\u002Fdesign\u002Fbranding","4.design\u002Fbranding",{"title":143,"path":144,"stem":145},"Design Thinking","\u002Fdesign\u002Fdesign-thinking","4.design\u002Fdesign-thinking",{"title":130,"path":147,"stem":148},"\u002Fdesign\u002Ftools","4.design\u002Ftools",{"title":150,"path":151,"stem":152,"children":153,"page":49},"Sales","\u002Fsales","4.sales",[154,158],{"title":155,"path":156,"stem":157},"Customer Onboarding","\u002Fsales\u002Fonboarding","4.sales\u002Fonboarding",{"title":159,"path":160,"stem":161},"Sales Tools","\u002Fsales\u002Ftools","4.sales\u002Ftools",{"title":163,"path":164,"stem":165,"children":166,"page":49},"Marketing","\u002Fmarketing","5.marketing",[167],{"title":168,"path":169,"stem":170},"Messaging","\u002Fmarketing\u002Fmessaging","5.marketing\u002Fmessaging",{"title":172,"path":173,"stem":174,"children":175,"page":49},"Data Ops","\u002Fdata-ops","6.data-ops",[176,185,189,193,197,201],{"title":177,"path":178,"stem":179,"children":180,"page":49},"Capability Exchange","\u002Fdata-ops\u002Fcapability-exchange","6.data-ops\u002FCapability Exchange",[181],{"title":182,"path":183,"stem":184},"Leaderboard Calculation","\u002Fdata-ops\u002Fcapability-exchange\u002Fleaderboard-calculation","6.data-ops\u002FCapability Exchange\u002Fleaderboard-calculation",{"title":186,"path":187,"stem":188},"Account Portal (CAS)","\u002Fdata-ops\u002Faccount-portal","6.data-ops\u002Faccount-portal",{"title":190,"path":191,"stem":192},"Adding Products","\u002Fdata-ops\u002Faddin-products","6.data-ops\u002Faddin-products",{"title":194,"path":195,"stem":196},"Adding Vendors","\u002Fdata-ops\u002Fadding-vendors","6.data-ops\u002Fadding-vendors",{"title":198,"path":199,"stem":200},"Message Queues","\u002Fdata-ops\u002Fmessage-queues","6.data-ops\u002Fmessage-queues",{"title":202,"path":203,"stem":204},"Refreshing Vendors","\u002Fdata-ops\u002Frefreshing-vendors","6.data-ops\u002Frefreshing-vendors",{"title":206,"path":207,"stem":208},"Glossary","\u002Fglossary","glossary",{"id":210,"title":106,"body":211,"description":666,"extension":769,"links":770,"meta":771,"navigation":552,"path":107,"seo":772,"stem":108,"__hash__":773},"docs\u002F3.engineering\u002Fgithub\u002Fpersonal-access-token.md",{"type":212,"value":213,"toc":750},"minimark",[214,219,223,226,229,233,242,245,279,282,293,310,312,319,326,331,392,396,399,459,480,482,486,491,541,553,555,559,605,607,611,614,647,651,657,667,671,675,681,685,704,706,710],[215,216,218],"h2",{"id":217},"personal-access-tokens-pats","Personal Access Tokens (PATs)",[220,221,222],"p",{},"A Personal Access Token (PAT) is used to authenticate with GitHub in place of a password — for example, when pulling private packages, publishing packages, or using the GitHub API from scripts and CI\u002FCD pipelines.",[220,224,225],{},"GitHub offers two types of PATs:",[227,228],"hr",{},[215,230,232],{"id":231},"token-types","Token Types",[234,235,237,238],"h3",{"id":236},"fine-grained-tokens-recommended-for-most-tasks","Fine-grained Tokens ",[239,240,241],"em",{},"(recommended for most tasks)",[220,243,244],{},"Fine-grained tokens are the newer, more secure token format introduced by GitHub. They offer:",[246,247,248,256,267,273],"ul",{},[249,250,251,255],"li",{},[252,253,254],"strong",{},"Repository-scoped access"," — you select exactly which repositories the token can access, rather than granting access to everything.",[249,257,258,261,262,266],{},[252,259,260],{},"Granular permissions"," — instead of broad scopes (e.g. ",[263,264,265],"code",{},"repo","), you choose specific read\u002Fwrite permissions per resource (Issues, Pull Requests, Contents, etc.).",[249,268,269,272],{},[252,270,271],{},"Expiry enforcement"," — fine-grained tokens require an expiry date (maximum 1 year).",[249,274,275,278],{},[252,276,277],{},"Owner approval"," — if your organisation enforces it, tokens may require admin approval before they become active.",[220,280,281],{},"Fine-grained tokens are ideal for:",[246,283,284,287,290],{},[249,285,286],{},"Accessing or cloning specific repositories",[249,288,289],{},"Operating GitHub Actions with least-privilege access",[249,291,292],{},"Anything where limiting blast radius is important",[294,295,296],"blockquote",{},[220,297,298,301,302,305,306,309],{},[252,299,300],{},"Limitation:"," Fine-grained tokens ",[252,303,304],{},"cannot"," currently authenticate against the ",[252,307,308],{},"GitHub Packages \u002F npm registry",". If your task involves installing or publishing packages, you must use a Classic token.",[227,311],{},[234,313,315,316],{"id":314},"classic-tokens-required-for-github-packages","Classic Tokens ",[239,317,318],{},"(required for GitHub Packages)",[220,320,321,322,325],{},"Classic tokens use a broad, scope-based permission model and have been available since GitHub's early API days. While less granular than fine-grained tokens, they are currently the ",[252,323,324],{},"only supported token type"," for GitHub Packages authentication.",[327,328,330],"h4",{"id":329},"when-you-must-use-a-classic-token","When you must use a Classic token",[332,333,334,347],"table",{},[335,336,337],"thead",{},[338,339,340,344],"tr",{},[341,342,343],"th",{},"Use Case",[341,345,346],{},"Classic Token Required?",[348,349,350,366,377,384],"tbody",{},[338,351,352,363],{},[353,354,355,358,359,362],"td",{},[263,356,357],{},"npm install"," \u002F ",[263,360,361],{},"yarn install"," from a private GitHub Package registry",[353,364,365],{},"✅ Yes",[338,367,368,375],{},[353,369,370,371,374],{},"Publishing a package to GitHub Packages (",[263,372,373],{},"npm publish",")",[353,376,365],{},[338,378,379,382],{},[353,380,381],{},"Reading\u002Finstalling packages in CI\u002FCD (e.g. GitHub Actions, local dev)",[353,383,365],{},[338,385,386,389],{},[353,387,388],{},"General GitHub API access or repository operations",[353,390,391],{},"❌ Fine-grained preferred",[327,393,395],{"id":394},"required-scopes-for-package-work","Required scopes for package work",[220,397,398],{},"When creating a Classic token for package consumption or development, select the following scopes:",[332,400,401,411],{},[335,402,403],{},[338,404,405,408],{},[341,406,407],{},"Scope",[341,409,410],{},"Purpose",[348,412,413,423,433,446],{},[338,414,415,420],{},[353,416,417],{},[263,418,419],{},"read:packages",[353,421,422],{},"Download \u002F install packages from the GitHub Package Registry",[338,424,425,430],{},[353,426,427],{},[263,428,429],{},"write:packages",[353,431,432],{},"Publish packages to the GitHub Package Registry",[338,434,435,439],{},[353,436,437],{},[263,438,265],{},[353,440,441,442,445],{},"Required when the package repository is ",[252,443,444],{},"private"," — allows the registry to verify access",[338,447,448,453],{},[353,449,450],{},[263,451,452],{},"delete:packages",[353,454,455,458],{},[239,456,457],{},"(Optional)"," Remove package versions you own",[294,460,461],{},[220,462,463,466,467,470,471,473,474,476,477,479],{},[252,464,465],{},"Tip:"," If you only need to ",[252,468,469],{},"consume"," (install) packages and not publish them, ",[263,472,419],{}," + ",[263,475,265],{}," is sufficient. Only add ",[263,478,429],{}," if you are actively developing and publishing packages.",[227,481],{},[215,483,485],{"id":484},"how-to-create-a-classic-token","How to Create a Classic Token",[294,487,488],{},[220,489,490],{},"This is the token type you will need for local development and CI\u002FCD package access.",[492,493,494,505,520,527,534],"ol",{},[249,495,496,497,504],{},"Go to ",[498,499,503],"a",{"href":500,"rel":501},"https:\u002F\u002Fgithub.com\u002Fsettings\u002Ftokens\u002Fnew",[502],"nofollow","GitHub Tokens (Classic)"," — ensure you are logged into the correct account.",[249,506,507,508,511,512,515,516,519],{},"Give the token a descriptive ",[252,509,510],{},"Note",", e.g. ",[263,513,514],{},"Package Development"," or ",[263,517,518],{},"Package Read-Only",".",[249,521,522,523,526],{},"Set an ",[252,524,525],{},"Expiration"," — choose an appropriate window (e.g. 90 days). Avoid \"No expiration\" for security reasons.",[249,528,529,530,533],{},"Under ",[252,531,532],{},"Select scopes",", tick the scopes relevant to your use case (see table above).",[249,535,536,537,540],{},"Click ",[252,538,539],{},"Generate token"," and copy it immediately — GitHub will not show it again.",[542,543],"iframe",{"width":544,"height":545,"src":546,"className":547,"title":549,"frameBorder":550,"allow":551,"allowFullScreen":552},560,315,"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FWJI2V86zs2A",[548],"mx-auto","YouTube video player","0","accelerometer;",true,[227,554],{},[215,556,558],{"id":557},"how-to-create-a-fine-grained-token","How to Create a Fine-grained Token",[492,560,561,568,573,578,584,594,600],{},[249,562,496,563,504],{},[498,564,567],{"href":565,"rel":566},"https:\u002F\u002Fgithub.com\u002Fsettings\u002Fpersonal-access-tokens\u002Fnew",[502],"GitHub Fine-grained Tokens",[249,569,507,570,519],{},[252,571,572],{},"Token name",[249,574,522,575,577],{},[252,576,525],{}," (required — up to 365 days).",[249,579,529,580,583],{},[252,581,582],{},"Resource owner",", select the organisation or your personal account.",[249,585,529,586,589,590,593],{},[252,587,588],{},"Repository access",", choose ",[239,591,592],{},"Only select repositories"," and pick the repositories needed.",[249,595,529,596,599],{},[252,597,598],{},"Permissions",", expand each section and set only the minimum permissions required.",[249,601,536,602,604],{},[252,603,539],{}," and copy it immediately.",[227,606],{},[215,608,610],{"id":609},"configuring-projects-to-use-tokens","Configuring projects to use tokens",[220,612,613],{},"This setup works for both local development and CI\u002FCD pipelines.",[492,615,616,626],{},[249,617,618,619,515,622,625],{},"Configure projects to use tokens in the ",[263,620,621],{},".npmrc",[263,623,624],{},".yarnrc.yml"," files.",[249,627,628,629,632,633],{},"Set the ",[263,630,631],{},"NODE_AUTH_TOKEN"," environment variable to your Classic token when applicable in:\n",[246,634,635,641],{},[249,636,637,638],{},"GitHub Repository Secrets for ",[252,639,640],{},"CI\u002FCD pipelines",[249,642,643,644,519],{},"User Account System environment variables for ",[252,645,646],{},"local development",[234,648,650],{"id":649},"_1-for-yarn-projects","1. For Yarn Projects",[220,652,653,654,656],{},"Once you have a Classic token, configure npm to authenticate against the GitHub Package Registry by adding the following to the project-level ",[263,655,624],{},":",[658,659,664],"pre",{"className":660,"code":662,"language":663},[661],"language-text","npmScopes:\n  es-profiler:\n    npmAlwaysAuth: false\n    npmAuthToken: ${NODE_AUTH_TOKEN:-}\n    npmRegistryServer: \"https:\u002F\u002Fnpm.pkg.github.com\"\n","text",[263,665,662],{"__ignoreMap":666},"",[234,668,670],{"id":669},"_1-for-npm-projects","1. For NPM Projects",[220,672,653,673,656],{},[263,674,621],{},[658,676,679],{"className":677,"code":678,"language":663},[661],"\u002F\u002Fnpm.pkg.github.com\u002F:_authToken=${NODE_AUTH_TOKEN}\n@es-profiler:registry=https:\u002F\u002Fnpm.pkg.github.com\n",[263,680,678],{"__ignoreMap":666},[234,682,684],{"id":683},"_2-for-local-development","2. For Local Development",[294,686,687],{},[220,688,689,692,693,696,697,700,701,519],{},[252,690,691],{},"Never commit your token to source control."," Use environment variables or secrets management instead. In CI\u002FCD pipelines, store the token as a secret (e.g. ",[263,694,695],{},"GITHUB_TOKEN"," or a custom secret) and reference it in your ",[263,698,699],{},"npmrc"," via ",[263,702,703],{},"${TOKEN_ENV_VAR}",[227,705],{},[215,707,709],{"id":708},"best-practices","Best Practices",[246,711,712,718,727,738,744],{},[249,713,714,717],{},[252,715,716],{},"Rotate tokens regularly"," — set a calendar reminder before your token expires.",[249,719,720,723,724,726],{},[252,721,722],{},"Use the minimum required scopes"," — avoid ",[263,725,265],{}," on Classic tokens unless the package repository is private.",[249,728,729,732,733,519],{},[252,730,731],{},"Revoke unused tokens"," — audit your tokens periodically at ",[498,734,737],{"href":735,"rel":736},"https:\u002F\u002Fgithub.com\u002Fsettings\u002Ftokens",[502],"github.com\u002Fsettings\u002Ftokens",[249,739,740,743],{},[252,741,742],{},"Never share tokens"," — each developer and each CI\u002FCD pipeline should have its own token.",[249,745,746,749],{},[252,747,748],{},"Prefer fine-grained tokens"," for any non-package GitHub API usage.",{"title":666,"searchDepth":751,"depth":751,"links":752},2,[753,754,761,762,763,768],{"id":217,"depth":751,"text":218},{"id":231,"depth":751,"text":232,"children":755},[756,759],{"id":236,"depth":757,"text":758},3,"Fine-grained Tokens (recommended for most tasks)",{"id":314,"depth":757,"text":760},"Classic Tokens (required for GitHub Packages)",{"id":484,"depth":751,"text":485},{"id":557,"depth":751,"text":558},{"id":609,"depth":751,"text":610,"children":764},[765,766,767],{"id":649,"depth":757,"text":650},{"id":669,"depth":757,"text":670},{"id":683,"depth":757,"text":684},{"id":708,"depth":751,"text":709},"md",null,{},{"description":666},"mV45VhJHcUtyhT5mLV2CMK-EPx1m4TKfPDuvFtYUnGI",[775,776],{"title":102,"path":103,"stem":104,"description":666,"children":-1},{"title":110,"path":111,"stem":112,"description":777,"children":-1},"Troubleshooting guide for GitHub issues.",1778263961972]