github jdx/mise v2026.3.15
v2026.3.15: Custom credential command for GitHub tokens

7 hours ago

This release adds a new github.credential_command setting that lets you plug any external secret manager into mise's GitHub token resolution, and adjusts its priority so it takes precedence over file-based token sources.

Added

  • github.credential_command setting for custom token retrieval -- You can now configure a shell command that mise runs to obtain a GitHub token, enabling integration with secret managers like 1Password, HashiCorp Vault, or any custom script. The command is executed via sh -c and receives the hostname as $1, so it can return different tokens for github.com and GitHub Enterprise instances. Results are cached per host per session. #8746 by @jdx

    [settings.github]
    credential_command = "op read 'op://Private/GitHub Token/credential'"

    This can also be set via the MISE_GITHUB_CREDENTIAL_COMMAND environment variable.
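
Added example, not code from the mise project: a POSIX sh helper of the kind credential_command could call, choosing a secret by the hostname received as $1. The script name mise-gh-token, the fetch_secret stub, the second op:// reference and ghe.example.com are constructed assumptions. Hosts outside the allow-list get no output.

```sh
#!/bin/sh
# Added example (not mise's code): per-host helper for github.credential_command.
# Assumption: saved as a hypothetical script `mise-gh-token` and configured as
#   credential_command = 'mise-gh-token "$1"'
# so the hostname mise passes as $1 to `sh -c` is forwarded to this script.

# Constructed stand-in for a secret-manager CLI so the example runs offline.
# In real use the body would be a call such as: op read "$1"
fetch_secret() {
  case "$1" in
    "op://Private/GitHub Token/credential")
      printf 'constructed-token-github-com\n' ;;
    "op://Work/GHE Token/credential")
      printf '  constructed-token-ghe \n' ;;   # stray whitespace on purpose
    *) return 1 ;;
  esac
}

# Print the token for an allow-listed host, or nothing at all.
token_for_host() {
  host=$1
  case "$host" in
    github.com)      ref="op://Private/GitHub Token/credential" ;;
    ghe.example.com) ref="op://Work/GHE Token/credential" ;;  # constructed host
    *) return 0 ;;   # unknown host: no output, so no token leaves this script
  esac
  # A failing or locked secret manager yields no token rather than an error
  # string on stdout that could be mistaken for one.
  token=$(fetch_secret "$ref" 2>/dev/null) || return 0
  # Strip whitespace and newlines the backend may have added around the value.
  token=$(printf '%s' "$token" | tr -d '[:space:]')
  if [ -n "$token" ]; then
    printf '%s\n' "$token"
  fi
  return 0
}

# Entry point when run as a script with the hostname as the first argument.
if [ "$#" -gt 0 ]; then
  token_for_host "$1"
fi
```

Because the helper prints nothing for an unlisted host or a failed lookup, resolution can continue to the lower-priority sources described under Changed.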

Changed

  • credential_command priority raised above file-based sources -- Since credential_command is an explicit user configuration, it now takes priority over github_tokens.toml and the gh CLI's hosts.yml. Previously it sat at the bottom of the resolution order alongside git credential fill. The git credential fill fallback remains as the lowest-priority option and is no longer blocked when credential_command is set but returns no token. #8748 by @jdx

    Updated token priority for github.com:

    # Source
    1 MISE_GITHUB_TOKEN env var
    2 GITHUB_API_TOKEN env var
    3 GITHUB_TOKEN env var
    4 credential_command (if set) -- new
    5 github_tokens.toml (per-host)
    6 gh CLI token (from hosts.yml)
    7 git credential fill (if enabled)

Full Changelog: v2026.3.14...v2026.3.15
