Skip to main content

Cloning a Private GitHub Repository

· 3 min read
Anand Raja
Anand Raja
Senior Software Engineer

The ideal way to clone a GitHub repository to your local folder is to use a PAT (Personal Access Token).
A PAT provides secure, token-based authentication instead of your GitHub password.
It is especially required for accessing private repositories or when two-factor authentication is enabled.

Cloning a Private GitHub Repository Using a Personal Access Token (PAT)

To clone a private repository from GitHub using a Personal Access Token (PAT) (especially with read-only access):

  1. Generate a PAT

    • Click on your profile icon (top right) and go to “Settings” (not from the repo page).
    • Navigate to Developer settings > Personal access tokens.
    • Click "Generate new token" (classic) or "Fine-grained token".
    • Select the minimum required scopes (for read-only, choose repo:read or equivalent).
    • Important: Make sure to click the copy button after generating the token, as the token cannot be seen again once you leave the page.

  2. Clone the Repository Using the PAT

    • Use the following command in your terminal:

      git clone https://<PAT>@github.com/<OWNER>/<REPO>.git
      # in simple words: Prefix the PAT token followed by '@' in the clone link
      git clone https://PAT@GithubLink
      • Replace <PAT> with your personal access token.
      • Replace <OWNER> with the repository owner.
      • Replace <REPO> with the repository name.

    • Example:

      git clone https://ghp_xxxxxxxx@github.com/orgname/private-repo.git

    Note:

    • For security, avoid sharing your PAT or committing it to source control.
    • You can use a credential manager or .netrc file for safer storage instead of putting the PAT directly in the URL.

  3. Update Git remote URLs

    When you migrate a repository to private status, you'll need to update your remote URL with a Personal Access Token (PAT) to maintain access.

    • Check your current remote URL
    git remote -v

    This displays your existing remote URLs for fetch and push operations.

    • Update the remote URL with your PAT
    git remote set-url origin <NEW_GIT_URL_HERE>

    Example format:

    git remote set-url origin https://PAT@GithubLink
    • Verify the updated remote configuration
    git remote show origin

    This command provides detailed information about your remote repository connection.

Using .netrc for GitHub Authentication Instead of Putting PAT in the URL

You can store your GitHub Personal Access Token (PAT) securely in a .netrc file, so you don’t have to include it in the clone URL.

Steps:

  1. Create or Edit the .netrc File

    In your home directory (~), create or edit the .netrc file:

    nano ~/.netrc

  2. Add Your GitHub Credentials

    Add the following lines (replace with your actual GitHub username and PAT):

    machine github.com
    login your_github_username
    password your_personal_access_token

  3. Set Proper Permissions

    Make sure only you can read the file:

    chmod 600 ~/.netrc

  4. Clone or Pull Without Exposing the PAT

    Now you can use standard GitHub URLs without including your PAT:

    git clone https://github.com/OWNER/REPO.git

    Git will automatically use the credentials from your .netrc file.

Use a Host Alias for Repo-Specific Authentication

  1. Edit your .netrc file to add an entry for a custom host alias:

    machine myrepo.github.com
    login your_github_username
    password your_personal_access_token

  2. Clone the repo using the alias:

    git clone https://myrepo.github.com/OWNER/REPO.git

    This way, only this repo uses the credentials in .netrc for myrepo.github.com.

Note:

  • .netrc works for HTTPS authentication.
  • Never share your .netrc file or commit it to source control.

Reference

  1. Cloning Repository from Github portal using PAT