It seems that the GitHub auth method is recommended for dev machines. In the “Best Practices for Using HashiCorp Terraform with HashiCorp Vault” YouTube video [1], the dev logs in every day with a GitHub token.
Do you create a new GitHub token every day or do you reuse the same one? I think I wouldn’t want to set GITHUB_TOKEN in my bash profile and have every program have access to it.
Thanks.
[1] Best Practices for Using HashiCorp Terraform with HashiCorp Vault - YouTube
I would say creating a new GitHub auth token every day seems very tedious. I have a token per application, with the relevant scopes for that application. They are static - I create them once per application and only rotate (or delete) them when the application itself changes, or there is some sort of vulnerability or exposure of the token.
If you are using the token to authenticate to Vault, it should be kept very secret of course, since it will be used by Vault to issue tokens on your behalf, to authenticate to other services, perhaps including GitHub itself.
I’m more interested in what drove you to pose the question in the first place. What are you doing now that feels like it should be done differently or better?
Thank you for the reply.
I’m considering using Vault at work using GitHub tokens to authenticate to Vault.
I’m guessing our devs should just generate a GitHub token once and put it in a password manager to keep it safe.
I was wondering if people did that or generated a fresh GitHub token every day, which is tedious.
Or if people had some helper tools using pass or their OS keyrings.
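A sketch of the kind of helper asked about above, added here as an example and not code from anyone in this thread: it reads the GitHub token from `pass` and hands it to `vault login -method=github` through `VAULT_AUTH_GITHUB_TOKEN` for that one command only. The function name and the pass entry name are hypothetical, and `VAULT_ADDR` is assumed to be set already.

```shell
# Added example (not from the thread): log in to Vault's GitHub auth method
# with a token stored in `pass`, without exporting it from a shell profile.
#
# Assumptions: `pass` and `vault` are installed, VAULT_ADDR is set, and the
# default entry name below is a hypothetical placeholder.

# The body runs in a subshell "( ... )", so the `token` variable never exists
# in the interactive shell that calls this function.
vault_github_login() (
    entry="${1:-work/github-vault-token}"   # hypothetical pass entry name

    # By pass convention, the first line of an entry is the secret itself.
    token="$(pass show "$entry" | head -n 1)"

    # Fail closed: a missing or empty entry must not fall through to a login
    # attempt (or to an interactive prompt) with a blank token.
    if [ -z "$token" ]; then
        echo "vault_github_login: no token in pass entry '$entry'" >&2
        exit 1
    fi

    # VAULT_AUTH_GITHUB_TOKEN is read by the GitHub auth method's CLI handler.
    # The prefix assignment places it in the environment of this single vault
    # process. Passing token=... as an argument instead would put the secret
    # in the process list and in shell history.
    VAULT_AUTH_GITHUB_TOKEN="$token" vault login -method=github
)
```

After a successful login the Vault CLI stores the resulting Vault token with its token helper (by default `~/.vault-token`), so the GitHub token is only needed again once that Vault token expires.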