What are PATs?

Personal Access Tokens (PATs) provide an alternative method for authentication when logging into certain Redgate apps. They are unique tokens that you can generate, which will function like a password, enabling you to perform a login flow without the user being present, such as when using a CLI tool in a pipeline.

As PATs act like passwords, they are tied to the user who generated them and need to be secured just like any other password or secret. Leaked PATs should be revoked immediately.

PATs can be used regardless of whether you login with Redgate credentials or Single sign-on (SSO).

Which Redgate apps support PATs?

• Flyway - see here for details.

How can I manage my PATs?

You can visit the Personal Access Tokens section to manage, create new PATs, and revoke your existing PATs.

In order to create PATs you must confirm your login email, or login using Single sign-on (SSO).

For security reasons, we are unable to provide you with existing PAT values, so please ensure that you keep them secure and secret.

You cannot view or manage PATs created by other individuals within your organization.

Revoking a PAT will log out any apps that are logged in using that token within an hour.

How do I revoke a leaked PAT?

PAT values must be kept secure and secret hence if you encounter a suspected PAT value you should revoke it immediately.

• Visit the Revoke any token section and paste the suspected PAT value to revoke it.
• You do not need to login or be the owner of the PAT to revoke a leaked PAT.
• Any apps that are logged in with the respective PAT will be logged out within an hour.