GitHub Oauth private repo access

May 5, 2025

To give secure access to private GitHub repositories on less-trusted systems like CI or HPC or shared workstation, consider GitHub Oauth tokens. The Oauth token can give read-only (or other fine-grained permissions) to all or a specific subset of repositories the GitHub account has access to.

Create a GitHub Oauth token with the desired permissions. For read-only private GitHub repo access the “repo” permission group is selected.

Copy the text string token and SSH into the remote system where access is desired. Configure the global user Git config to use the Oauth token for the desired GitHub organization or user.

Private GitHub repo of a collaborator

Create a GitHub Oauth classic token with the “repo” permission group. Copy and paste that token string into the laptop or workstation you’ll use to access the private repo. Do this command from the specific project directory.

git config url.https://oauth2:OauthToken@github.com/.insteadOf https://github.com/

The text OauthToken is replaced with the actual Oauth token string copied from GitHub.

Troubleshooting

Use git remote -v in the Git repo or Git submodule to ensure old information in ~/.gitconfig is not overriding the new API token. If a Git submodule won’t clone due to incorrect token credentials, try Git cloning the submodule repository itself in another directory to see if the old credential are slipping in somewhere.

Related: Git pull HTTPS push SSH