Setting Up GitHub Credentials for Terraform

This guide shows how to create a GitHub personal access token (PAT) that Terraform can use to authenticate with your GitHub account. Terraform uses this token to manage repositories, branches, and repository settings via the GitHub provider.

Related: Create a personal access token (GitHub)

On my GitHub profile page (where I keep links, achievements, and course coupons), you can see an example of a typical profile layout:

Steps to create a fine-grained personal access token

In the top-right of GitHub, click your profile image and choose Settings.
In the Settings sidebar, scroll down and click Developer settings.
Under Developer settings, select Personal access tokens → Fine-grained tokens.

If you have no registered developer apps, the Developer settings page looks like this:

The image shows a GitHub settings page under "Developer Settings" for GitHub Apps, indicating there are currently no apps registered. It suggests registering a new GitHub App and offers options to view documentation or create a new app.

Click Create a new token (fine-grained). On the token creation form, set the following values:

Name: a descriptive label (for example, Terraform training).
Resource owner: your account (or the organization you manage).
Expiration: choose an appropriate duration (for short labs use 7 days; for automation choose longer but rotate regularly).
Repository access: choose the repositories this token may access (for hands-on labs you can select All repositories).
Repository permissions: grant the minimum permissions Terraform needs. At minimum, enable:
- Administration = Read & write (for creating/deleting repositories and changing settings)
- Contents = Read & write (for modifying files in repositories)

The fine-grained token creation screen (showing permission selections) is similar to this:

The image shows a GitHub settings page for creating fine-grained personal access tokens with various access permissions, such as Administration and Codespaces, displayed in a dropdown menu format.

When the permission overview confirms you’ve selected the required scopes, click Generate token. GitHub will display the token one time only.

Copy the token immediately after generation — GitHub will not show it again after you leave this page.

Recommended repository permissions for common Terraform tasks

Permission area	Required setting for Terraform	Why it’s needed
Repository Administration	`Read & write`	Create/delete repositories, update settings (visibility, topics, etc.)
Repository Contents	`Read & write`	Create or modify files (README, CI config, Terraform templates)

Grant only the permissions you need and restrict repository access where practical.

Add the token to your environment

Set the token as the GITHUB_TOKEN environment variable so Terraform’s GitHub provider can authenticate automatically.

macOS / Linux (temporary for current shell session):

export GITHUB_TOKEN="github_pat_<YOUR_TOKEN_HERE>"

Windows PowerShell (temporary for current session):

$Env:GITHUB_TOKEN = 'github_pat_<YOUR_TOKEN_HERE>'

Windows PowerShell (persist across future sessions using setx):

setx GITHUB_TOKEN "github_pat_<YOUR_TOKEN_HERE>"

Replace github_pat_<YOUR_TOKEN_HERE> with the token value you copied from GitHub.

Fine-grained tokens can expire or be revoked. If the token expires, generate a new one and update your environment variable. Keep tokens secret — do not commit them to source control or reveal them in logs.

How Terraform uses the token

Once GITHUB_TOKEN is set, the Terraform GitHub provider will read it automatically. You do not need to hard-code the token in your Terraform configuration. Example provider block (no token value shown — provider uses the environment variable):

provider "github" {
  # Optional: specify organization or other settings here
  # organization = "my-org"
}

Provider documentation: https://registry.terraform.io/providers/integrations/github/latest/docs

Troubleshooting & best practices

If Terraform reports authentication errors, verify GITHUB_TOKEN is exported in the same shell/session running Terraform.
If permission errors occur, confirm the token’s repository permissions and repository access settings.
For CI systems, store the token in the CI secret store and inject it as GITHUB_TOKEN at runtime.
Rotate tokens regularly and use short expirations for temporary training or lab environments.

Links and references

Watch Video

Setting Up Azure Credentials for Terraform

Section Introduction Terraform Foundations

​Steps to create a fine-grained personal access token

​Recommended repository permissions for common Terraform tasks

​Add the token to your environment

​How Terraform uses the token

​Troubleshooting & best practices

​Links and references

Watch Video

Steps to create a fine-grained personal access token

Recommended repository permissions for common Terraform tasks

Add the token to your environment

How Terraform uses the token

Troubleshooting & best practices

Links and references