Keeping GitHub OAuth Tokens Safe
While making your source code available in a public GitHub repository is awesome, it’s important to be sure you don’t accidentally commit your passwords, secrets, or anything else that other…
While making your source code available in a public GitHub repository is awesome, it’s important to be sure you don’t accidentally commit your passwords, secrets, or anything else that other people shouldn’t know.
Starting today you can commit more confidently, knowing that we will email you if you push one of your OAuth Access Tokens to any public repository with a git push command. As an extra bonus, we’ll also revoke your token so it can’t be used to perform any unauthorized actions on your behalf.
For more tips on keeping your account secure, see “Keeping your SSH keys and application access tokens safe” in GitHub Help.
Written by
Related posts
GitHub availability report: June 2026
In June, we experienced six incidents that resulted in degraded performance across GitHub services.
Q1 2026 Innovation Graph update: Open source collaboration is accelerating worldwide
New Innovation Graph data shows global developer communities growing faster than ever, with collaboration reaching new highs across many economies.
GitHub joins coalition advocating for fixes to California AI Transparency Act to protect open source
We’re calling for targeted amendments to resolve conflicts with open source licensing and align with international transparency frameworks while preserving regulatory intent.