Find and manage GitHub Personal Access Tokens

Developers and technical users who work with GitHub repositories and need to view or manage their existing Personal Access Tokens (PATs).

View token overview

1. Open GitHub settings

Profile avatar (top right) → Settings

2. Navigate to Developer settings

Left sidebar → Developer settings (at the bottom)

3. Access token management

Personal access tokens → Tokens (classic) or Personal access tokens → Fine-grained tokens

Available information

Visible token details:

• Token name
• Creation date
• Expiry date
• Recently used
• Permissions (Scopes)

Not visible:

• The actual token string (starts with ghp_ for classic or github_pat_ for fine-grained)

Find tokens in local systems

macOS Keychain

security find-internet-password -s github.com

Windows Credential Manager

cmdkey /list | findstr github

Git Credential Helper

git config --global credential.helper

Safety instructions

Token rotation according to GitHub recommendations:

• Classic PATs: Every 90 days
• Fine-grained PATs: Maximum validity 1 year

If compromise is suspected:

1. Revoke token immediately under Settings → Developer settings
2. Create new token
3. Update all applications

Technical standards

• OAuth 2.0 Bearer Token Format (RFC 6750)
• GitHub API v3 for classic tokens
• GitHub API v4 (GraphQL) compatible

Instructional video

Summary: Existing GitHub Personal Access Tokens can only be managed in the token overview, but cannot be viewed in plain text – if lost, a new token must be created.