# GitHub Repos & Copilot Token ### Create GitHub access token **Before you start:** * Tokens are tied to the user who generated them and stop working if that user loses access. Prefer creating the token from a dedicated bot/service account when possible\ * Org owners can enforce policies on fine grained PATs, including maximum lifetime and admin approval. By default, orgs cap fine grained PATs at ≤366 days; you can still set “no expiration” if your org policy allows it.\ [https://docs.github.com/en/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization
](https://docs.github.com/en/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization) *** ### Step-by-step: Create the token **1. Open the fine-grained token page** GitHub → Your profile (top-right) → Settings → Developer settings (last option on the side menu) →\ Personal access tokens → Fine-grained tokens → Generate new token.\ **2. Name & description** * Token name: Milestone’s Copilot Token (read-only) * Description: Token to be used by Milestone integration to gather metadata and generate analytics. **3. Expiration** * Choose: 1 year * If your org allows longer, you may choose “**No expiration**”; if your org enforces a shorter maximum, coordinate with an org owner to adjust the **maximum lifetime** policy. ([GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)) **4. Resource owner** * Select your **organization** as **Resource owner** (the token will only access resources owned by that org). * If your org doesn’t appear, it may have blocked fine-grained PATs—ask an org owner to allow them. ([GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)) **5. Repository access** * Choose All repositories for that org.\ (If you pick Only select repositories, you’ll have to choose them one by one in the next field.) ([GitHub Docs](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens)) **6. Permissions** In **Permissions**, set the following to **Read** (only what Milestone needs).\ These map to GitHub’s fine-grained permission model for API and Git read access. ([GitHub Docs](https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28)) **Repository permissions (Read):** * **Contents**: **Read** (code/content, trees, blobs; required for read-only cloning and file/API reads) * **Metadata**: **Read** (listing repos, basic repo info) * **Pull requests**: **Read** (Pull requests and related info) **7. Organization permissions (Read):** * Members: Read (lets Milestone read the org’s members list when needed).\ ([GitHub Docs](https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28)) **8. Generate** Click Generate token and store it on the machine where Milestone will be setting up their services.\ If your org requires approvals, the token will show as pending and will only access public resources until approved by an org owner.\ ([GitHub Docs](https://docs.github.com/en/rest/authentication/permissions-required-for-fine-grained-personal-access-tokens?apiVersion=2022-11-28)) *** Note: Regarding permissions, we only require read-access permissions.\ If you have any additional questions about specific permissions to grant, please contact us. > **Note**: Regarding permissions, we only require read-access permissions.\ > If you have any additional questions about specific permissions to grant, please contact us.