Git password authentication deprecated

Since using my GitHub password to push commits is deprecated - Token authentication requirements for Git operations - The GitHub Blog what is the optimal command line workflow now?

One of the recommended ways is to use a personal access token but do I need to copy the generated token somewhere (since it is hidden in my GitHub profile after I generate it) and use it whenever I authenticate my password on a system?
I added it to cache following the instructions here - Caching your GitHub credentials in Git - GitHub Docs but I am still asked for my password/access token when pushing to GitHub.

Yes, you’ll need the token where you previously typed your password. I recommend keeping the token(s) in a password manager that stores them in encrypted form.

The memory cache described there keeps your password or token in RAM for a limited time, it’s not meant to store it permanently.

Is there a way to keep the token cached for a longer time period?

The documentation you linked (Caching your GitHub credentials in Git) describes how to change the timeout, but the RAM cache will never exist past something like a reboot. That’s a security feature.

For long term storage, use a password manager (I like KeePassXC, personally).

Technically Git also has the “store” credential helper, but note the warning there: :warning:

Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions. If this is not an acceptable security tradeoff, try git-credential-cache[1], or find a helper that integrates with secure storage provided by your operating system.

Which means in most cases it’s a bad idea, maybe with the exception of a machine that you use exclusively (NEVER anyone else) and that uses strong full-disk encryption.

I am not a fan of password managers, so I am trying to avoid going down that route.

I am the exclusive user of my computer, but I am not very comfortable with having the token lay around on my system in cleartext (but this is what I am opting for till I figure out a permanent solution to this - Thanks!)

Is using ssh the only alternate left? I imagine that would allow me to enter my “GitHub” password once and not have to re-enter my password for that particular session?

That’s exactly why I recommend a password manager. Not the kind that uploads everything, the good kind that stores your passwords in encrypted form. :wink:

SSH works only with public key authentication. You can store the key in encrypted form (similar to using a password manager) or unencrypted (similar to leaving the token on disk).