> Commvault Cloud > DevOps Solutions > GitHub

Personal Access Token Permissions and User Roles for GitHub

To enable secure backups of your GitHub repositories using Commvault Cloud, you must generate a Personal Access Token (PAT). This token authorizes Commvault Cloud to access your repositories and metadata for backup and recovery purposes.

Note

The GitHub account used to generate the token must have Owner or Admin role in the organization to ensure all required permissions can be granted.

Commvault Cloud supports both Fine-Grained and Classic tokens.

Generate a Fine-Grained PAT (Optional)

Recommended for restricted access to specific repositories.

Procedure

  1. Navigate to your GitHub Organization.

  2. Click the Profile Icon in the top-right corner.

  3. Go to Settings.

  4. In the left sidebar, select Developer Settings.

  5. Under Personal Access Tokens, choose Fine-grained tokens.

  6. Click Generate new token.

    Select the required scopes:

    • Repository Permissions

    • Administration (Read & Write)

    • Commit Statuses (Read & Write)

    • Contents (Read & Write)

    • Custom Properties (Read & Write)

    • Metadata (Read Only)

    • Pull Requests (Read & Write)

    • Webhooks (Read & Write)

    • Organization / Account Permissions

    • Members (Read Only)

    • Plan (Read Only)

Recommended for complete backup and recovery support, including metadata.

Procedure

  1. Navigate to your GitHub Organization.

  2. Click the Profile Icon in the top-right corner.

  3. Go to Settings.

  4. In the left sidebar, select Developer Settings.

  5. Under Personal Access Tokens, select Tokens (Classic).

  6. Click Generate new token (classic).

    Select the required scopes:

    • repo – Grants full control of private repositories (includes issues, pull requests, metadata, and content).

    • admin:org – Required to read organization-level metadata

    • read:user (Under User Scope) - This scope shall be selected if a personal account is backed up.

Need Help? Watch the Video

A brief walkthrough video is available that demonstrates:

  • How to navigate GitHub to locate PAT settings

  • The correct scopes to select for both Classic and Fine-Grained tokens

  • Best practices for securely storing and using your PAT

Which One Should You Use?

While GitHub offers both token types, Classic PATs are currently better suited for full backup support—including repository metadata, pipelines, and webhooks. Fine-Grained tokens offer more granular access control but may require manual adjustments for comprehensive protection.

Loading...