**What you will accomplish in this chapter:**  
 You will create a GitHub Personal Access Token (PAT) that provides secure, controlled access to GitHub services for your AI development projects. You'll learn security best practices, configure appropriate permissions, and securely store your token for use in future chapters.

**Understanding Personal Access Tokens**

Security is the foundation of professional AI development, and creating a GitHub Personal Access Token is your first step toward building secure, production-ready applications. A GitHub Personal Access Token serves as a secure, controllable alternative to password authentication that provides several critical advantages:

**Why PATs are Superior to Passwords:**

·       **Scoped Permissions**: You can limit exactly what the token can access

·       **Expiration Control**: Tokens can expire automatically for enhanced security

·       **Instant Revocation**: Compromised tokens can be disabled immediately

·       **Audit Trail**: GitHub tracks token usage for security monitoring

·       **Granular Control**: Different tokens can have different permission levels

**Use Cases for Your PAT:**

·       Accessing GitHub Models API for AI services

·       Programmatic repository access for your AI agents

·       Integration with GitHub Actions and workflows

·       Secure authentication in deployment environments

**Step 1: Access GitHub Account Settings**

1\.   	**Navigate to GitHub**:

o   Open your web browser and go to [https://github.com](https://github.com/)

o   Ensure you're logged into your GitHub account

o   You should see your profile picture or avatar in the upper-right corner

2\.   	**Access your account settings**:

o   Click on your profile picture in the upper-right corner of the page

o   A dropdown menu will appear with several options

o   Look for and click on "**Settings**" in this dropdown menu

o   This will take you to your personal account settings page

3\.   	**Verify you're in the correct settings area**:

o   You should see "Settings" as the page title



![01_04 GitHub Settings.png](attachment:5543f9ca-857d-41b6-91e7-2b8243ebc749.png)

o   The left sidebar should show various account configuration options

o   Your username should appear at the top of the left sidebar

**Step 2: Navigate to Developer Settings**

1\.   	**Locate Developer settings in the sidebar**:

o   In the left sidebar, scroll down toward the bottom

o   Look for a section labeled "**Developer settings**"

o   It's typically one of the last items in the sidebar menu

o   Click on "**Developer settings**" to access developer tools

![01_04 Developer Settings.png](attachment:bc2b1d7c-f8cd-4d74-9a74-4ae9bc798155.png)

2\.   	**Understanding Developer settings**:

o   This section contains tools for integrating with GitHub's APIs

o   It includes settings for OAuth applications, webhooks, and personal access tokens

o   These are the tools developers use to build applications that interact with GitHub

**Step 3: Access Personal Access Tokens**

1\.   	**Find the Personal access tokens section**:

o   In the Developer settings page, look for "**Personal access tokens**" in the left sidebar

o   Click on "**Personal access tokens**" to expand this section

o   You'll see options for different types of tokens

2\.   	**Select Tokens (classic)**:

o   You'll see two options: "**Fine-grained tokens**" and "**Tokens (classic)**"

o   Click on "**Tokens (classic)**" for broader compatibility with various tools and services

o   Classic tokens work with a wider range of applications and are more straightforward to configure

3\.   	**Understanding the tokens page**:

o   This page shows any existing tokens you may have created

o   Each token is listed with its name, scopes, and last used date

o   You can revoke existing tokens from this page if needed

**Step 4: Begin Token Creation**

1\.   	**Start the token generation process**:

o   Look for the "**Generate new token**" button (usually green)

o   Click "**Generate new token**" to begin creating your PAT

o   You may see a dropdown with options \- select "**Generate new token (classic)**"

2\.   	**Authenticate for security**:

o   GitHub will prompt you to confirm your password

o   Enter your GitHub account password in the password field

o   Click "**Confirm password**" or press Enter

o   This security step ensures only you can create tokens for your account

3\.   	**Wait for the token configuration page**:

o   After authentication, you'll see the "New personal access token" configuration page

o   This page contains all the settings you need to configure your token

**Step 5: Configure Token Settings**

1\.   	**Set your token name (Note field)**:

o   At the top of the form, you'll see a "**Note**" field

o   This is where you name your token for identification purposes

o   Enter a descriptive name: DeepSeek AI Agent Development

o   Use names that clearly explain the token's purpose

o   Good examples: "AI Development \- DeepSeek Models", "Personal AI Projects"

2\.   	**Configure expiration settings**:

o   Look for the "**Expiration**" dropdown menu

o   Click the dropdown to see expiration options

o   Select "**90 days**" for development tokens

o   This provides a good balance between security and convenience

3\.   	**Understanding expiration benefits**:

o   Automatic expiration limits exposure if tokens are compromised

o   Regular token rotation is a security best practice

o   GitHub will email you before tokens expire

o   You can always create new tokens when old ones expire

**Step 6: Select Token Permissions (Scopes)**

This is the most critical step \- you must select only the permissions your AI agents actually need. Follow the principle of least privilege by granting minimum necessary access.

1\.   	**Essential scopes for AI development**:

**repo (Full control of private repositories)**:

o   ✅ Check the main "**repo**" checkbox

o   This enables access to GitHub Models and repository integration

o   Required for most AI development workflows

o   Includes access to code, issues, and repository metadata

2\.   	**workflow (Update GitHub Action workflows)**:

o   ✅ Check "**workflow**" if you plan to use GitHub Actions

o   This allows integration with automated workflows

o   Useful for deployment and testing automation

o   Can be unchecked if you don't need GitHub Actions

3\.   	**Optional scopes based on your needs**:

**read:org (Read org and team membership)**:

o   ✅ Check this if you work with organization repositories

o   Allows access to organization-level resources

o   Only needed if your AI agents will work with team projects

o   Skip this for personal projects only

4\.   	**Scopes to avoid unless specifically needed**:

o   **admin:repo\_hook**: Only if you need webhook management

o   **delete\_repo**: Never needed for AI development

o   **admin:org**: Only for organization administrators

o   **user:email**: Only if your agent needs email access

5\.   	**Review your selections**:

o   Double-check that you've selected only the scopes you need

o   More permissions increase security risk if the token is compromised

o   You can always create additional tokens with different scopes later

**Step 7: Generate and Secure Your Token**

1\.   	**Create the token**:

o   Scroll to the bottom of the page

o   Click the green "**Generate token**" button

o   Wait for GitHub to create your token (this takes a few seconds)

2\.   	**Copy your token immediately**:

o   **CRITICAL**: GitHub will display your token exactly once for security reasons

o   You'll see a long string starting with ghp\_ (e.g., ghp\_abc123def456...)

o   Click the clipboard icon next to the token to copy it

o   Or select all the text and use Ctrl+C (Cmd+C on Mac) to copy

3\.   	**Important security notice**:

o   This is your only chance to see the complete token

o   GitHub will never show the full token again for security reasons

o   If you lose the token, you'll need to generate a new one

o   Do not close this browser tab until you've securely stored the token

**Step 8: Store Your Token Securely in Codespaces**

1\.   	**Return to your Codespace**:

o   Switch back to your GitHub Codespace browser tab

o   Ensure your development environment is still running

o   If it's not running, restart it following the previous chapter's instructions

2\.   	**Open your .env file**:

o   In the Explorer panel (left side), look for the .env file you created previously

o   If you don't see it, create a new file named .env (with the leading dot)

o   Double-click on .env to open it in the editor

3\.   	**Add your token to the environment file**:

o   In the .env file, add this line:


```bash
GITHUB_TOKEN=your_actual_token_here
```

o   Replace your\_actual\_token\_here with the token you just copied

o   Example: GITHUB\_TOKEN=ghp\_abc123def456ghi789jkl012mno345pqr678stu

o   Ensure there are no spaces around the equals sign

4\.   	**Add additional configuration**:

o   While you have the file open, add these related settings:


```bash
# GitHub API Configuration
GITHUB_TOKEN=your_actual_token_here
GITHUB_API_BASE=https://api.github.com
GITHUB_MODELS_ENDPOINT=https://models.inference.ai.azure.com

# Default Model Settings
DEFAULT_MODEL=deepseek-r1
MAX_TOKENS=2000
TEMPERATURE=0.7
```

5\.   	**Save the file securely**:

o   Press Ctrl+S (Cmd+S on Mac) to save the file

o   The file should appear in your Explorer panel

o   Verify the content is saved by closing and reopening the file

**Step 9: Verify Token Storage and Access**

1\.   	**Test environment variable loading**:

o   Open the terminal in your Codespace (bottom panel)

o   Type this command to test if your token is accessible:

```bash
python -c "import os; from dotenv import load_dotenv; load_dotenv(); print('Token loaded:', 'Yes' if os.getenv('GITHUB_TOKEN') else 'No')"
```

o   You should see "Token loaded: Yes" if everything is working

2\.   	**Create a comprehensive token test**:

o   Create a new file called test\_github\_token.py

o   Add this verification code:

```python
import os

import requests
from dotenv import load_dotenv

# Load environment variables from the .env file
load_dotenv()


def test_github_token():
    """Test GitHub token functionality"""
    print("🔍 Testing GitHub Personal Access Token...\n")

    # Check if token is loaded
    token = os.getenv('GITHUB_TOKEN')
    if not token:
        print("❌ GITHUB_TOKEN not found in environment variables")
        print("Make sure your .env file contains: GITHUB_TOKEN=your_token_here")
        return False

    print("✅ Token loaded successfully")
    # Show only the non-secret prefix (e.g. ghp_) so no token characters
    # or token length end up in terminal scrollback or logs
    print(f"Token preview: {token[:4]}" + "*" * 8)

    # Test API access
    headers = {
        'Authorization': f'Bearer {token}',
        'Accept': 'application/vnd.github.v3+json',
        'User-Agent': 'DeepSeek-AI-Agent/1.0'
    }

    try:
        # Test basic GitHub API access (timeout so a stalled request cannot hang)
        response = requests.get('https://api.github.com/user',
                                headers=headers, timeout=10)

        if response.status_code == 200:
            user_data = response.json()
            print("✅ GitHub API access successful!")
            print(f"Authenticated as: {user_data['login']}")
            print(f"Account type: {user_data['type']}")
            return True
        else:
            print(f"❌ GitHub API access failed: {response.status_code}")
            print(f"Response: {response.text}")
            return False

    except requests.RequestException as e:
        print(f"❌ Network error testing token: {e}")
        return False


if __name__ == "__main__":
    success = test_github_token()
    if success:
        print("\n🎉 Token setup completed successfully!")
    else:
        print("\n❌ Token setup needs attention - check your configuration")
```


3\.   	**Run the token test**:

o   Save the test file

o   In the terminal, run: python test\_github\_token.py

o   You should see confirmation that your token is working correctly
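
The least-privilege selection from Step 6 can be checked once the token works: for classic tokens, GitHub reports the granted scopes in the `X-OAuth-Scopes` response header. The following is an added example, not part of the original chapter; the `EXPECTED` and `AVOID` sets mirror Step 6, the function names are hypothetical, and the sample headers are constructed.

```python
"""Audit a classic PAT's granted scopes against this chapter's Step 6 choices."""

# Scopes this chapter selects in Step 6 (read:org only for organization work).
EXPECTED = {"repo", "workflow", "read:org"}
# Scopes Step 6 says to avoid unless specifically needed.
AVOID = {"admin:repo_hook", "delete_repo", "admin:org", "user:email"}


def parse_scopes(headers):
    """Return the set of scopes listed in the X-OAuth-Scopes response header."""
    lowered = {key.lower(): value for key, value in headers.items()}
    raw = lowered.get("x-oauth-scopes", "")
    return {scope.strip() for scope in raw.split(",") if scope.strip()}


def audit_scopes(headers):
    """Classify granted scopes as avoid-listed, unexpected, or expected but missing."""
    granted = parse_scopes(headers)
    return {
        "granted": sorted(granted),
        "avoid": sorted(granted & AVOID),
        "unexpected": sorted(granted - EXPECTED - AVOID),
        "missing": sorted(EXPECTED - granted),
    }


def audit_live_token():
    """Call /user with GITHUB_TOKEN from .env and audit the scopes GitHub reports."""
    import os
    import requests
    from dotenv import load_dotenv

    load_dotenv()
    response = requests.get(
        "https://api.github.com/user",
        headers={"Authorization": f"Bearer {os.environ['GITHUB_TOKEN']}"},
        timeout=10,
    )
    response.raise_for_status()
    return audit_scopes(response.headers)


# Constructed sample headers (not captured from a real account).
SAMPLE_HEADERS = {"X-OAuth-Scopes": "repo, workflow, delete_repo, gist"}

if __name__ == "__main__":
    report = audit_scopes(SAMPLE_HEADERS)
    for category, scopes in report.items():
        print(f"{category}: {', '.join(scopes) or '-'}")
```

Any entry under `avoid` or `unexpected` is a reason to regenerate the token with a narrower selection; call `audit_live_token()` in the Codespace to run the same audit against your real token.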

**Step 10: Secure Your Token with .gitignore**

1\.   	**Verify .gitignore protection**:

o   Open the .gitignore file in your project (create it if it doesn't exist)

o   Ensure it contains these security entries:

```
# Environment variables and secrets
.env
*.env
.env.local
.env.production

# API keys and credentials
credentials.json
secrets.json
*_token.txt

# Personal access tokens
token.txt
*.token
```

2\.   	**Test .gitignore effectiveness**:

o   In the terminal, run: git status

o   Your .env file should NOT appear in the list of files to be committed

o   If it appears, double-check your .gitignore file
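
`.gitignore` keeps the `.env` file out of commits, but it does not catch a token pasted into some other file. The following added example (not from the original chapter) scans text or staged changes for `ghp_`-style strings and reports them redacted; the length threshold in the pattern and the function names are assumptions, and the sample content is constructed.

```python
"""Scan text, or staged git changes, for strings shaped like classic GitHub PATs."""
import re
import subprocess

# Assumption: a classic PAT is the ghp_ prefix followed by a long alphanumeric run.
TOKEN_RE = re.compile(r"ghp_[A-Za-z0-9]{36,}")


def redact(token):
    """Keep only the prefix so a finding can be logged without leaking the secret."""
    return token[:4] + "*" * 8


def scan_text(name, text):
    """Return (name, line_number, redacted_token) for each token-shaped string."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in TOKEN_RE.finditer(line):
            findings.append((name, lineno, redact(match.group())))
    return findings


def scan_staged():
    """Scan lines added to the git index; line numbers count added lines only."""
    diff = subprocess.run(
        ["git", "diff", "--cached", "-U0"],
        capture_output=True, text=True, check=True,
    ).stdout
    added = "\n".join(
        ln[1:] for ln in diff.splitlines()
        if ln.startswith("+") and not ln.startswith("+++")
    )
    return scan_text("staged changes", added)


# Constructed sample: a placeholder line and a fake, token-shaped value.
FAKE_TOKEN = "ghp_" + "A1b2C3d4E5f6" * 3
SAMPLE_ENV = (
    "GITHUB_TOKEN=your_actual_token_here\n"
    "GITHUB_TOKEN=" + FAKE_TOKEN + "\n"
)

if __name__ == "__main__":
    for name, lineno, preview in scan_text(".env", SAMPLE_ENV):
        print(f"{name}:{lineno}: possible token {preview}")
```

Running `scan_staged()` before `git commit` flags a token in any staged file, not only in `.env`.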

**Step 11: Document Your Token Information**

1\.   	**Create token documentation**:

o   Create a new file called TOKEN\_INFO.md

o   Add documentation about your token (without including the actual token):

```markdown
# GitHub Personal Access Token Information

## Token Purpose
- AI agent development with DeepSeek models
- Access to GitHub Models API
- Repository integration for AI workflows

## Token Configuration
- **Name**: DeepSeek AI Agent Development
- **Expiration**: 90 days from creation
- **Scopes**:
  - repo (repository access)
  - workflow (GitHub Actions)
  - read:org (organization access, if applicable)

## Security Notes
- Token stored in .env file (not committed to Git)
- Protected by .gitignore
- Can be revoked at: https://github.com/settings/tokens

## Usage
- Environment variable: GITHUB_TOKEN
- Used for GitHub Models API authentication
- Required for AI agent GitHub integration

## Expiration Management
- Expires on: [Add your expiration date]
- Renewal reminder: Set calendar reminder 1 week before expiration
- Regeneration process: Follow this chapter's instructions
```

2\.   	**Set up expiration reminder**:

o   Calculate your token's expiration date (90 days from today)

o   Set a calendar reminder for 1 week before expiration

o   Include a link to this chapter for regeneration instructions

**Step 12: Test GitHub Models Access**

1\.   	**Verify GitHub Models connectivity**:

o   Create a test file called test\_github\_models.py:

```python
import os

import requests
from dotenv import load_dotenv

# Load environment variables from the .env file
load_dotenv()


def test_github_models_access():
    """Test access to GitHub Models API"""
    print("🧪 Testing GitHub Models Access...\n")

    token = os.getenv('GITHUB_TOKEN')
    if not token:
        print("❌ GitHub token not found")
        return False

    # GitHub Models endpoint
    endpoint = "https://models.inference.ai.azure.com/v1/models"
    headers = {
        'Authorization': f'Bearer {token}',
        'Content-Type': 'application/json'
    }

    try:
        # Timeout so a stalled request cannot hang the test
        response = requests.get(endpoint, headers=headers, timeout=10)

        if response.status_code == 200:
            print("✅ GitHub Models access successful!")
            models_data = response.json()
            if 'data' in models_data:
                print(f"Available models: {len(models_data['data'])}")
                # Look for DeepSeek models
                deepseek_models = [m for m in models_data['data']
                                   if 'deepseek' in m.get('id', '').lower()]
                if deepseek_models:
                    print(f"DeepSeek models found: {len(deepseek_models)}")
                else:
                    print("DeepSeek models not found in response")
            return True
        else:
            print(f"❌ GitHub Models access failed: {response.status_code}")
            print(f"Response: {response.text}")
            return False

    except requests.RequestException as e:
        print(f"❌ Network error: {e}")
        return False


if __name__ == "__main__":
    success = test_github_models_access()
    if success:
        print("\n🎉 GitHub Models access configured successfully!")
    else:
        print("\n❌ GitHub Models access needs configuration")
```

2\.   	**Run the GitHub Models test**:

o   Save the file and run: python test\_github\_models.py

o   This verifies your token can access the AI services you'll use

**Security Best Practices Summary**

Now that your token is configured, follow these ongoing security practices:

**Token Management:**

·       ✅ Store tokens in environment variables only

·       ✅ Never commit tokens to version control

·       ✅ Use descriptive names for easy identification

·       ✅ Set appropriate expiration dates

·       ✅ Monitor token usage through GitHub settings

**Access Control:**

·       ✅ Use minimum necessary permissions (principle of least privilege)

·       ✅ Create separate tokens for different projects/purposes

·       ✅ Revoke tokens immediately when no longer needed

·       ✅ Regularly audit your active tokens

**Monitoring and Maintenance:**

·       ✅ Set up expiration reminders

·       ✅ Monitor token usage in GitHub settings

·       ✅ Rotate tokens regularly (every 90 days recommended)

·       ✅ Keep documentation updated

**Troubleshooting Common Issues**

**Token authentication fails:**

·       Verify the token is correctly copied (check for extra spaces)

·       Ensure the token hasn't expired

·       Confirm you selected the necessary scopes

·       Test with GitHub API first before trying GitHub Models

**Environment variable not loading:**

·       Check that your .env file is in the project root

·       Verify there are no spaces around the \= sign

·       Try restarting your Codespace

·       Ensure you're calling load\_dotenv() in your Python scripts

**Permission denied errors:**

·       Review the scopes you selected when creating the token

·       Some operations may require additional permissions

·       Consider creating a new token with broader scopes if needed

**Token shows in Git status:**

·       Verify your .gitignore file includes .env

·       Check for typos in the .gitignore file

·       Make sure .gitignore is in the project root directory

**Your Security Foundation is Complete**

Congratulations\! You now have a secure authentication system for your AI development projects:

·       ✅ **GitHub Personal Access Token** created with appropriate permissions

·       ✅ **Secure Storage** in environment variables protected from version control

·       ✅ **API Access** verified for both GitHub and GitHub Models

·       ✅ **Security Documentation** for ongoing maintenance

·       ✅ **Testing Scripts** to verify functionality

·       ✅ **Best Practices** implemented for professional development

**What This Enables**

With your secure token configuration, you can now:

·       Access GitHub Models API for AI services

·       Integrate AI agents with GitHub repositories

·       Use GitHub Actions for automated workflows

·       Build production-ready applications with proper authentication

·       Follow security best practices for API access

**Professional Development Impact**

This security setup demonstrates several important professional skills:

·       **Security-First Approach**: Implementing authentication before functionality

·       **Documentation**: Clear record-keeping for maintenance and collaboration

·       **Testing**: Verification that security measures work correctly

·       **Best Practices**: Following industry standards for API authentication

In the upcoming chapters, you'll use this secure foundation to connect with DeepSeek's reasoning capabilities and build sophisticated AI agents. Your careful attention to security now will pay dividends throughout your AI development journey.

Remember: Professional AI development requires regular credential rotation. Set up reminders to review and refresh your tokens every 90 days, and always monitor for any unauthorized usage through GitHub's security settings.

Your secure AI development environment is now ready for the exciting work ahead.