{"id":16961085,"url":"https://github.com/ricsanfre/git-pat-gpg","last_synced_at":"2026-06-19T06:32:54.946Z","repository":{"id":111459510,"uuid":"395591130","full_name":"ricsanfre/git-pat-gpg","owner":"ricsanfre","description":"Guide to automate the use Github Personal Access Token credentials with GPG and git cli.","archived":false,"fork":false,"pushed_at":"2021-08-13T09:53:32.000Z","size":4,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-10T03:25:34.935Z","etag":null,"topics":["git","github-config","gpg","token-based-authentication"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ricsanfre.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-08-13T09:20:02.000Z","updated_at":"2023-03-06T01:26:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"93f43b32-cb57-44fc-8ddc-5ce605213220","html_url":"https://github.com/ricsanfre/git-pat-gpg","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ricsanfre/git-pat-gpg","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fgit-pat-gpg","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fgit-pat-gpg/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fgit-pat-gpg/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fgit-pat-gpg/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ricsanfre","download_url":"https://codeload.github.com/ricsanfre/git-pat-gpg/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ricsanfre%2Fgit-pat-gpg/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34520431,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-19T02:00:06.005Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git","github-config","gpg","token-based-authentication"],"created_at":"2024-10-13T22:50:59.089Z","updated_at":"2026-06-19T06:32:54.927Z","avatar_url":"https://github.com/ricsanfre.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# How to Use of GitHub's Personal Access Token (PAT) with git cli and GPG\n\nIn Linux GPG encryption can be used to encrypt/decrypt passwords and tokens data using a GPG key-pair\nGnuPG is a free software implementation of the OpenPGP standard that allows you to encrypt and sign your data and communications using GPG encryptions\nGnuPG can be used as cross-platform password manager, including GIT HTTPS credetials. \n\n## GnuPG Installation and configuration\n\n### Step 1. Install GnuPG packet\n\n    sudo apt install gnupg \n\nCheck it is installed\n\n    gpg --help\n\n### Step 2. Generating Your GPG Key Pair\n\nGPG key-pair consist on a public and private key used for encrypt/decrypt\n\n    gpg –-gen-key\n\nThe output of the command is like this:\n\n```\ngpg (GnuPG) 2.2.4; Copyright (C) 2017 Free Software Foundation, Inc.\nThis is free software: you are free to change and redistribute it.\nThere is NO WARRANTY, to the extent permitted by law.\n\nNote: Use \"gpg --full-generate-key\" for a full featured key generation dialog.\n\nGnuPG needs to construct a user ID to identify your key.\n\nReal name: Ricardo\nEmail address: ricsanfre@gmail.com\nYou selected this USER-ID:\n    \"Ricardo \u003cricsanfre@gmail.com\u003e\"\n\nChange (N)ame, (E)mail, or (O)kay/(Q)uit? O\nWe need to generate a lot of random bytes. It is a good idea to perform\nsome other action (type on the keyboard, move the mouse, utilize the\ndisks) during the prime generation; this gives the random number\ngenerator a better chance to gain enough entropy.\nWe need to generate a lot of random bytes. It is a good idea to perform\nsome other action (type on the keyboard, move the mouse, utilize the\ndisks) during the prime generation; this gives the random number\ngenerator a better chance to gain enough entropy.\ngpg: /home/ansible/.gnupg/trustdb.gpg: trustdb created\ngpg: key D59E854B5DD93199 marked as ultimately trusted\ngpg: directory '/home/ansible/.gnupg/openpgp-revocs.d' created\ngpg: revocation certificate stored as '/home/ansible/.gnupg/openpgp-revocs.d/A4745167B84C8C9A227DC898D59E854B5DD93199.rev'\npublic and secret key created and signed.\n\npub   rsa3072 2021-08-13 [SC] [expires: 2023-08-13]\n      A4745167B84C8C9A227DC898D59E854B5DD93199\nuid                      Ricardo \u003cricsanfre@gmail.com\u003e\nsub   rsa3072 2021-08-13 [E] [expires: 2023-08-13]\n\n```\n\nDuring the generation process you will be prompted to provide a passphrase.\n\n\n## Exporting Your Public Key\nIf you need to export and share your public key to others, you run the commands below… The public key is used to authenticate that the content encrypted by you actually came from you…\n\nIt is also used to decrypt the content you encrypted…\n\n   gpg --armor --export ricsanfre@gmail.com \u003e public_key.asc\n\nYou can also use the commands below to export the key into a readable text file…\n\n   gpg --armor --output key.txt --export ricsanfre@gmail.com\n\nYou can then send the public key file to those who should get it..\n\n\n\n## Git PAT encryption and usage\n\nFirst you need to obtain a valid authentication token for GitHub. See procedure how to obtain a [personal accesss token](https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token)\n\n### Step 1. Encrypt GitHub PAT token with GPG\n\nTo encrypt token(password) run:\n\n    gpg -e -o [PATH_TO_ENCRYPTED_TOKEN] -r \"[GPG_KEY_USER_ID]\"\n\n    gpg -e -o $HOME/git_pat_gpg -r ricsanfre@gmail.com\n\ntype the token (or copy-paste it) then press Ctrl+D for ending input, or use file name with this token.\n\n### Step 2. Make a custom git credential helper: \n\nCreate bash file with name `git-credential-gpgpat` (without .sh extension) in $HOME \n\n```\n#!/bin/bash\ntoken=`gpg -d -r \"[GPG_KEY_USER_ID]\" [PATH_TO_ENCRYPTED_TOKEN] 2\u003e/dev/null`\necho protocol=https\necho host=[YOUR_HOST]\necho username=[YOUT_GIT_USER_NAME]\necho password=$token\n```\n\n### Step 3. Check script\n\nExecute the script and checks that is outputing the unencrypted password\n\n\n### Step 3. Add the git credential helper\n\n\n    git config --global credential.helper [ABSOLUTE_PATH_TO_BASH_SCRIPT ]\n\n    git config --global credential.helper $HOME/git_credential_gpgpat\n    \ngit will try to get the credentials from this helper and it would use it for every push/pull/clone.\n\n\n### Step 4. Add GPG_TTY env variable to user profile\n\nSince gpg passphrase need to be prompted to the same tty session where git commands are executed `GPG_TTY` variable need to be set to the actual tty session opened. This will avoid messages of type \"gpg: public key decryption failed: Inappropriate ioctl for device\":\n\nAdd to `.bashrc`\n\n    export GPG_TTY=$(tty)\n    \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fricsanfre%2Fgit-pat-gpg","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fricsanfre%2Fgit-pat-gpg","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fricsanfre%2Fgit-pat-gpg/lists"}