Revoking your credentials

If you believe your account credentials may be compromised, you can revoke all your authorizations to protect any enterprises you have access to. If you are a member of an empresa con usuarios administrados, you can also choose to delete all your credentials.

En este artículo

If you believe your account may be compromised, your hardware was lost or stolen, or you otherwise need to immediately revoke all access associated with your account, you can take action on all of your credentials at once to quickly reduce risk.

Depending on your account type, the following actions are available:

  • Revoke all SSO authorizations: Remove your credentials' access to SSO-protected resources in an enterprise. This action removes SSO authorizations but does not delete the credentials themselves.
  • Delete all keys and tokens: Permanently delete all your tokens and SSH keys. This option is available for members of an empresa con usuarios administrados.

Advertencia

These actions are irreversible. Once you revoke authorizations or delete credentials, you cannot restore them. You will need to create new credentials and re-authorize them for any organizations or processes that require access.

Understanding the impact

Before taking action, consider the following:

  • Automations will break: Any scripts, CI/CD pipelines, or automated processes that use your tokens will stop working.
  • Re-authorization required: After revoking SSO authorizations, you will need to create new credentials and authorize them with each organization.
  • SSH access: If you delete your SSH keys, you will need to generate new keys and add them to your account to continue using SSH.

Revoking all SSO authorizations

  1. En la esquina superior derecha de cualquier página en GitHub, haz clic en la fotografía de perfil y luego en Settings.
  2. In the "Access" section of the sidebar, click Credentials.
  3. Under "Danger zone", click Revoke all.
  4. From the Enterprise dropdown, select the enterprise where you want to revoke your authorizations.
  5. To confirm, type USERNAME credentials (replacing USERNAME with your username).
  6. Click Revoke authorizations.

Deleting all keys and tokens

You can bulk-delete your credentials if you are a member of an empresa con usuarios administrados.

  1. En la esquina superior derecha de cualquier página en GitHub, haz clic en la fotografía de perfil y luego en Settings.
  2. In the "Access" section of the sidebar, click Credentials.
  3. Under "Danger zone", click Delete all.
  4. To confirm, type USERNAME credentials (replacing USERNAME with your username).
  5. Click Delete keys and tokens.

After revoking or deleting credentials

After taking action on your credentials:

  1. Create new credentials: Generate new personal access tokens and SSH keys as needed. See Administración de tokens de acceso personal and Adición de una nueva clave SSH a la cuenta de GitHub.
  2. Re-authorize for SSO: If your organizations require SSO, authorize your new credentials. See Autorización de un token de acceso personal para su uso con el inicio de sesión único and Autorización de una clave SSH para su uso con el inicio de sesión único.
  3. Update automations: Update any scripts, CI/CD pipelines, or other automated processes with your new credentials.
  4. Review your security: Consider enabling two-factor authentication and reviewing your authorized applications. See Evitar acceso no autorizado.

Further reading