Skip to content
Changelog Hub

jdx/mise v2026.3.15

GitHub / jdx/mise / v2026.3.15 source

This release adds a new github.credential_command setting that lets you plug any external secret manager into mise's GitHub token resolution, and adjusts its priority so it takes precedence over file-based token sources.

Added

  • github.credential_command setting for custom token retrieval -- You can now configure a shell command that mise runs to obtain a GitHub token, enabling integration with secret managers like 1Password, HashiCorp Vault, or any custom script. The command is executed via sh -c and receives the hostname as $1, so it can return different tokens for github.com and GitHub Enterprise instances. Results are cached per host per session. #8746 by @jdx

    [settings.github]
credential_command = "op read 'op://Private/GitHub Token/credential'"

    This can also be set via the MISE_GITHUB_CREDENTIAL_COMMAND environment variable.

Changed

  • credential_command priority raised above file-based sources -- Since credential_command is an explicit user configuration, it now takes priority over github_tokens.toml and the gh CLI's hosts.yml. Previously it sat at the bottom of the resolution order alongside git credential fill. The git credential fill fallback remains as the lowest-priority option and is no longer blocked when credential_command is set but returns no token. #8748 by @jdx

    Updated token priority for github.com:

    #Source
    1MISE_GITHUB_TOKEN env var
    2GITHUB_API_TOKEN env var
    3GITHUB_TOKEN env var
    4credential_command (if set) -- new
    5github_tokens.toml (per-host)
    6gh CLI token (from hosts.yml)
    7git credential fill (if enabled)

Full Changelog: https://github.com/jdx/mise/compare/v2026.3.14...v2026.3.15