Managing Git PATs

Generate, assign, and manage Git user tokens for GitOps Runtimes

Git user token management

As a user in Codefresh, you must authorize access to your Git provider accounts and authenticate Git-based actions from Codefresh clients, per provisioned GitOps Runtime. This is done through the Git user token, which is an access token unique to each user. For more details, including required scopes and how the Git user token differs from the Git Runtime token, see Git tokens in Codefresh.

NOTE
Codefresh GitOps does not officially support fine-grained tokens, or tokens with custom scopes. If you are using such tokens, make sure you turn off validation for Git tokens in the values.yaml file, as described in Skipping token values.yaml.

Authorize Git access to GitOps Runtimes

Authorize Git access to GitOps Runtimes through Git user access tokens from your Git provider.

If you have access to more than one GitOps Runtime in the same or in different accounts, you can use the same Git user token for all the Runtimes you have access to. You must however authorize access for each GitOps Runtime individually.

Before you begin
  • Make sure you have a user access token with the required scopes for GitHub
How to
  1. In the Codefresh UI, on the toolbar, click your avatar, and then select Git Personal Access Token.
  2. Select the GitOps Runtime to authenticate to, and then click Add Token.
  3. For Git user tokens:
    1. Expand Advanced authorization options.
    2. In the Personal Access Token field, paste the token you generated.

Authorize access to GitOps Runtime with OAuth/Git user token

Authorize access to GitOps Runtime with OAuth/Git user token
  1. Click Add Token.
    In the Git Personal Access Tokens list, you can see that the new token is assigned to the GitOps Runtime.

Manage Git user tokens for GitOps Runtimes

Once you authorize access to one or more GitOps Runtimes through Git user tokens, the GitOps Runtimes and their associated tokens are listed in the Git Personal Access Tokens page.

Manage Git user access tokens

You can manage Git user tokens for any GitOps Runtime, without affecting the GitOps Runtime at the account-level. Deleting the Git user token for a GitOps Runtime will deny you access to the Git repositories, Git Sources and other resources associated with that Runtime, while the Runtime itself is not affected.

Notifications for GitOps Runtimes

If you have turned on notifications for GitOps Runtimes, Codefresh alerts you to those Runtimes with invalid or expired Git personal access tokens.
You can turn off these notifications for selectively for Runtimes for which these alerts are less critical.

Before you begin

Have your Git user token handy

How to
  1. In the Codefresh UI, on the toolbar, click your avatar, and then select Git Personal Access Token.
  2. To replace/delete the Git user token for a Runtime, do one of the following:
    • To replace, click Add Token, and then either click Authorize Access to Git provider for OAuth2, or paste your Git user token into the Git Personal Access Token field.
    • To delete, click Delete Token. The token is deleted and the Add Token button is displayed next to the Runtime.
  3. To turn off notifications, click the context menu at the right of the row with the Runtime and enable Hide notifications.

Disable notifications option for GitOps Runtimes

Disable notifications option for GitOps Runtimes

GitOps Runtime with notifications disabled

GitOps Runtime with notifications disabled

Generate GitHub user access tokens

  1. Log in to your GitHub account.
  2. Select Settings > Developer Settings > Personal Access Tokens > Tokens (classic).
  3. Define the following:
    • Token name
    • Expiration date
    • Select scope: repo

GitHub user access token scopes

GitHub user access token scopes
  1. Copy the user access token generated as you will need it to authorize access.

Git tokens in Codefresh