Personal Access Tokens
Complete step-by-step guide to create and configure Personal Access Tokens (PAT) for GitHub, GitLab and Bitbucket
๐ Introduction
Welcome to the Mindus Forge Token Setup Guide. This comprehensive documentation will walk you through the process of creating Personal Access Tokens (PAT) for GitHub, GitLab, and Bitbucket. These tokens are essential for Mindus Forge to create repositories and push code on your behalf.
Unlike OAuth authentication which may have limited permissions, Personal Access Tokens give you full control over exactly what access you grant. This guide will help you create tokens with the minimum required permissions for Mindus Forge to function properly.
๐ What is a Personal Access Token?
A Personal Access Token (PAT) is an alternative to using your password for authenticating to GitHub, GitLab, or Bitbucket when using the API or command line. Think of it as a secure, revocable password that you can create for specific applications like Mindus Forge.
PATs are superior to regular passwords for API access because:
- Fine-grained permissions: You can give exactly the access needed (e.g., only repository access, not account management)
- Revocable: If a token is compromised, you can revoke it without changing your password
- Expiration dates: You can set tokens to expire automatically after a certain period
- Auditable: You can see when and where each token was last used
๐ก Pro Tip: Always create separate tokens for different applications. This way, if one application is compromised, you only need to revoke that specific token.
๐ GitHub Personal Access Token
Platform: GitHub ยท Type: Personal Access Token (Classic)
Step-by-Step Instructions
Go to GitHub Settings โ Developer settings โ Personal access tokens โ Tokens (classic)
Click Generate new token (classic) and authenticate if prompted.
Enter a descriptive name like Mindus Forge so you can identify it later.
Choose an expiration date. We recommend 90 days or 1 year. You can always create a new token when it expires.
You MUST select the following scopes for Mindus Forge to work properly:
- โ repo (ALL sub-options) - This grants full control of repositories
- โ workflow - Allows updating GitHub Action workflows (optional but recommended)
โ ๏ธ Critical: Without the repo scope, Mindus Forge CANNOT create repositories or push code. Make sure to expand the "repo" section and check ALL sub-options.
Click Generate token at the bottom. IMPORTANT: Copy the token immediately! GitHub will only show it once.
๐ The token looks like: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Go to Settings โ Personal Access Tokens in Mindus Forge, paste your token, and click "Save Token".
๐ฆ GitLab Personal Access Token
Platform: GitLab ยท Type: Personal Access Token
Step-by-Step Instructions
Go to GitLab User Settings โ Access Tokens
Enter a token name like Mindus Forge.
Choose an expiration date (recommended: 1 year).
Select the following scopes:
- โ api - Grants complete read/write access to the API
- โ write_repository - Allows pushing code to repositories
- โ read_repository - Allows reading repositories (required for some features)
Click Create personal access token. Copy the token immediately - it won't be shown again!
Go to Settings โ Personal Access Tokens in Mindus Forge, paste your token, and click "Save Token".
๐ชฃ Bitbucket App Password
Platform: Bitbucket ยท Type: App Password
Step-by-Step Instructions
Go to Bitbucket Account Settings โ App Passwords
Click Create app password.
Enter a label like Mindus Forge.
Select the following permissions:
- โ Account โ Read
- โ Projects โ Read
- โ Repositories โ Read and Write
- โ Pull Requests โ Read and Write (optional)
Click Create. Copy the generated password immediately - it won't be shown again!
Go to Settings โ Personal Access Tokens in Mindus Forge, paste your App Password, and click "Save Token".
๐ Scopes Explained
Scopes are permissions that define what actions a token can perform. Here's what each scope means for Mindus Forge:
GitHub Scopes
| Scope | Required | Purpose |
|---|---|---|
| repo | โ Yes | Full control of repositories - allows creating, reading, and pushing code |
| repo:status | โ Yes | Access commit status (part of repo scope) |
| repo_deployment | โ Yes | Access deployments (part of repo scope) |
| public_repo | โ Yes | Access public repositories (part of repo scope) |
| repo:invite | โ Yes | Access repository invitations (part of repo scope) |
| workflow | โญ Optional | Update GitHub Action workflows |
GitLab Scopes
| Scope | Required | Purpose |
|---|---|---|
| api | โ Yes | Full API access - required for repository operations |
| write_repository | โ Yes | Push code to repositories |
| read_repository | โ Yes | Read repository contents |
Bitbucket Scopes
| Permission | Required | Purpose |
|---|---|---|
| Account โ Read | โ Yes | Identify your account |
| Repositories โ Read | โ Yes | List and read your repositories |
| Repositories โ Write | โ Yes | Push code to repositories |
| Pull Requests โ Read/Write | โญ Optional | Create pull requests automatically |
๐ก๏ธ Security Best Practices
โ ๏ธ Critical Security Guidelines:
- Never share your tokens - Treat them like passwords
- Don't commit tokens to git - Never hardcode tokens in your code
- Use environment variables - Store tokens in environment variables or secure vaults
- Set expiration dates - Always set an expiration date for your tokens
- Use minimum required scopes - Only grant permissions that are absolutely necessary
- Regularly rotate tokens - Create new tokens and delete old ones every few months
- Revoke unused tokens - Immediately revoke tokens you no longer need
- Monitor token usage - Check when and where your tokens are being used
๐ What to do if a token is compromised:
1. Immediately revoke/delete the compromised token on the platform
2. Create a new token with the same scopes
3. Update the token in Mindus Forge Settings
4. Review recent activity on your account
๐ง Troubleshooting
Common Issues and Solutions
This means your token doesn't have the repo scope. Delete the token and create a new one with ALL repo sub-options selected.
Your token is invalid or expired. Create a new token and update it in Mindus Forge Settings.
Your token doesn't have permission to create repositories. Verify that the repo scope is selected for GitHub, or write_repository for GitLab.
Click the "Refresh All" button in Settings. If it still doesn't appear, try deleting and re-adding the token.
โ Frequently Asked Questions
Why do I need a Personal Access Token?
Mindus Forge needs permission to create repositories and push code on your behalf. A PAT gives us exactly the permissions needed without exposing your password.
Can I use OAuth instead?
OAuth is available for login, but it may have limited permissions. For full functionality (creating repositories, pushing code), a PAT with the correct scopes is required.
How often should I rotate my tokens?
We recommend rotating tokens every 90 days for optimal security. Set expiration dates when creating tokens to automate this process.
What happens if my token expires?
When your token expires, Mindus Forge will no longer be able to push code. Simply create a new token and update it in Settings.
Can I use the same token for multiple platforms?
No. Each platform (GitHub, GitLab, Bitbucket) requires its own separate token. Create one for each platform you want to use.
Is my token stored securely?
Yes. All tokens are encrypted in our database and never exposed in logs or API responses.
๐ Next Steps
Now that you've created your Personal Access Tokens, here's what you can do next:
๐ก Need help? Contact our support team at support@mindusforge.com or join our Discord community for real-time assistance.
Mindus SAS โ 12 rue de la Fonderie, 75011 Paris โ RCS Paris 912 345 678 โ VAT FR23912345678
Documentation Version: 1.0.0 | Last updated: June 4, 2026