GitHub token¶
You need a Personal Access Token with permission to read and write issues on the target repository.
Issuebeam runs on Windows, macOS, and Linux — only the way you export GITHUB_TOKEN changes. The CLI is the same everywhere: python scripts/github_issue.py.
Classic token¶
- GitHub → Settings → Developer settings → Personal access tokens → Tokens (classic)
- Generate new token (classic)
- Minimum scope:
repo(or Issues-only with fine-grained on a single repo) - Copy the token — shown once
Fine-grained token (recommended for teams)¶
- Personal access tokens → Fine-grained tokens → Generate new token
- Repository access: only the project repo (e.g.
myorg/my-app) - Permissions → Issues: Read and write
- No other permissions required
Where to store the token¶
| Method | Works on | Pros | Cons |
|---|---|---|---|
GITHUB_TOKEN env var |
Win · Mac · Linux | Works in terminals and AI agents | Must restart IDE/shell after change |
.secrets/github_token |
All | Gitignored, simple, portable | Local file — never commit |
.env |
All | Convenient in dev | Risk of accidental commit (gitignored) |
Never paste the token in agent chat, public issues, or commits.
Set GITHUB_TOKEN (recommended)¶
- Open Environment Variables → User variables → New…
- Name:
GITHUB_TOKEN— Value:github_pat_... - OK on all dialogs
- Restart your IDE (Cursor, VS Code, …) or open a new terminal
Extra: if the IDE terminal still misses the variable, issuebeam also reads the Windows user registry (same value as above) — no extra setup.
Terminal / CLI agents — add to ~/.zshrc or ~/.bashrc:
Then source ~/.zshrc (or open a new terminal).
GUI apps (Cursor, VS Code launched from Dock) — user env vars from the shell are not always inherited. Options:
- Launch the IDE from a terminal:
cursor .orcode . - Or use
.env/.secrets/github_tokenin the project (see below)
Shell — add to ~/.bashrc, ~/.zshrc, or use direnv in the repo:
systemd user session (optional, for GUI tools):
Log out and back in. Alternatively use .env or .secrets/github_token.
Alternative: .env or .secrets/ (all OS)¶
.env at repo root (gitignored):
.secrets/github_token — one line, gitignored:
mkdir -p .secrets
printf '%s\n' 'github_pat_...' > .secrets/github_token
chmod 600 .secrets/github_token # macOS / Linux
Verify¶
Then (after repository slug is set):
Token resolution order (CLI)¶
The script reads the token automatically:
GITHUB_TOKENin the current process environment- Windows only: user env var from registry (helps IDE terminals)
.envin repo root.secrets/github_token
Optional: GITHUB_REPO in the environment¶
Same methods as GITHUB_TOKEN — useful if you always work on one repo: