Where to store the personal access token from GitHub?

Question

Is it necessary to store the personal access token somewhere locally on the machine after generating it in GitHub?

If yes, is there any preferred way where it could be

Answer 1

Well, you have to save the token somewhere, when you don't want to type it each time your app asks for it :-)

A good solution is using environment variables, as already suggested in one comment.

But you still have to set the environment variable somewhere.
On Windows (which I'm using), you could use the dialog box in the system settings (I don't know if other operating systems have something similar).

I don't do this, I prefer a script in my project.
In a private project, you may commit this to source control, but this is a matter of preference.

In one of my personal projects, I'm calling the GitHub API as well, using a personal access token.
It's a command line app and the end user will save the token in a config file (which is OK).

But I need the token for development as well, because the project has integration tests where I'm calling the GitHub API.

And that project is public on GitHub, so I couldn't save the token in source control.

What I did is this:

• I have a batch file (remember, I'm on Windows) called environment-variables.bat which sets all required environment variables including the access token
• I'm calling this in my build script and in the batch file I'm using to run my tests
• environment-variables.bat is ignored in source control
• But in source control, there's environment-variables.bat.sample instead, which contains the same, but a fake token/password.

So I can just rename this file to environment-variables.bat, replace the fake password by the real one, and everything works.

---

This is not the perfect solution for all cases, though.

In my project, I have the problem that I need to use more tokens/passwords for more APIs in the future.

So the number of tokens in my environment-variables.bat will increase, making it difficult for potential contributors to actually execute all integration tests. And I still don't know how to deal with that.