v2.24.0 — GitHub CLI

What's New

Option to store gh access token in system encrypted storage

The gh auth login and gh auth refresh commands gained the new --secure-storage flag. In this mode, the access token that GitHub CLI uses for GitHub API requests will now be stored in the system keyring instead of in the plain text config file.

To migrate as an existing GitHub CLI user, re-authenticate like so:

gh auth refresh --secure-storage -h github.com

Depending on your system, you could get an interactive prompt to allow the CLI tool to access the system keyring. The systems that are supported are:

Keychain on macOS
GNOME Keyring on Linux (Secret Service dbus interface)
Wincred on Windows

Please note:

This feature is currently opt-in, but will become the default in the near future.
If none of the system storage providers are found, or the store operation fails, the token will be written to the config file as before.
Using this feature could result in Go extensions breaking if they were not updated to the latest go-gh version. If extensions you are using no longer work after migrating your token to secure token storage, please report the issue to that extension's repository.
Storing tokens in system keyring most likely won't work in “headless” environments.

Other additions

Add option to store credentials in OS keyring by @samcoe @mislav in https://github.com/cli/cli/pull/7033 https://github.com/cli/cli/pull/7043 https://github.com/cli/cli/pull/7098
browse: add --releases option by @owenvoke in https://github.com/cli/cli/pull/6996
Add gpg-key add --title to name GPG keys by @rpadaki in https://github.com/cli/cli/pull/6993
Add command gh repo unarchive by @Ruminateer in https://github.com/cli/cli/pull/7003
Add macOS arm64 prebuilt binaries by @beret in https://github.com/cli/cli/pull/4435
Introduce GH_PATH environment variable by @samcoe in https://github.com/cli/cli/pull/7025

What's Changed

repo fork: retry git clone on git clone failure by @jsoref in https://github.com/cli/cli/pull/6962
repo fork: add newline after printing error about existing fork by @digitalfu in https://github.com/cli/cli/pull/7030
codespace: add --repo filter to more commands by @cmbrose in https://github.com/cli/cli/pull/6669
codespace code: always open new VS Code window by @cmbrose in https://github.com/cli/cli/pull/7092
pr diff: sanitize control characters for terminal output by @mislav in https://github.com/cli/cli/pull/7108
browse: use --commit flag to browse commit SHAs containing only digits by @yanskun in https://github.com/cli/cli/pull/7038
pr status: fix when on a detached HEAD by @alex-petrov-vt in https://github.com/cli/cli/pull/7082
auth token: respect GH_HOST if a hostname is not provided by @samcoe in https://github.com/cli/cli/pull/7094
Address Projects bugs by @samcoe in https://github.com/cli/cli/pull/7007
Properly handle C1 control sequences by @samcoe in https://github.com/cli/cli/pull/7079
Cleanup logic to retry on failure by @samcoe in https://github.com/cli/cli/pull/7027
Cleanup config.AuthToken and config.DefaultHost methods by @samcoe in https://github.com/cli/cli/pull/7049
Bump golang.org/x/net package by @samcoe in https://github.com/cli/cli/pull/7026
Bump github.com/gabriel-vasile/mimetype from 1.4.1 to 1.4.2 by @dependabot in https://github.com/cli/cli/pull/7107
Update working-with-us.md by @vilmibm in https://github.com/cli/cli/pull/7077

New Contributors

@beret made their first contribution in https://github.com/cli/cli/pull/4435
@digitalfu made their first contribution in https://github.com/cli/cli/pull/7030
@Ruminateer made their first contribution in https://github.com/cli/cli/pull/7003
@alex-petrov-vt made their first contribution in https://github.com/cli/cli/pull/7082

Full Changelog: https://github.com/cli/cli/compare/v2.23.0...v2.24.0