docs/installation-guides/install-gemini-cli.md
For security, avoid hardcoding your token. Create or update ~/.gemini/.env (where ~ is your home or project directory) with your PAT:
# ~/.gemini/.env
GITHUB_MCP_PAT=your_token_here
MCP servers for Gemini CLI are configured in its settings JSON under an mcpServers key.
~/.gemini/settings.json where ~ is your home directory.gemini/settings.json in your project directoryAfter securely storing your PAT, you can add the GitHub MCP server configuration to your settings file using one of the methods below. You may need to restart the Gemini CLI for changes to take effect.
Note: For the most up-to-date configuration options, see the main README.md.
The simplest way is to use GitHub's hosted MCP server via our gemini extension.
gemini extensions install https://github.com/github/github-mcp-server
[!NOTE] You will still need to have a personal access token with the appropriate scopes called
GITHUB_MCP_PATin your environment.
You can also connect to the hosted MCP server directly. After securely storing your PAT, configure Gemini CLI with:
// ~/.gemini/settings.json
{
"mcpServers": {
"github": {
"httpUrl": "https://api.githubcopilot.com/mcp/",
"headers": {
"Authorization": "Bearer $GITHUB_MCP_PAT"
}
}
}
}
With docker running, you can run the GitHub MCP server in a container.
Log in with OAuth instead of a token. On github.com the official image already includes the app credentials, so you provide none yourself — the server opens a browser login on first use and keeps the token in memory only. In Docker, publish a fixed callback port to loopback:
// ~/.gemini/settings.json
{
"mcpServers": {
"github": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-p",
"127.0.0.1:8085:8085",
"-e",
"GITHUB_OAUTH_CALLBACK_PORT",
"ghcr.io/github/github-mcp-server"
],
"env": {
"GITHUB_OAUTH_CALLBACK_PORT": "8085"
}
}
}
}
See Local Server OAuth Login for the native-binary flow (no fixed port), headless/device-code fallback, GitHub Enterprise, and bringing your own OAuth or GitHub App.
To authenticate with a Personal Access Token instead (it takes precedence over OAuth):
// ~/.gemini/settings.json
{
"mcpServers": {
"github": {
"command": "docker",
"args": [
"run",
"-i",
"--rm",
"-e",
"GITHUB_PERSONAL_ACCESS_TOKEN",
"ghcr.io/github/github-mcp-server"
],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "$GITHUB_MCP_PAT"
}
}
}
}
You can download the latest binary release from the GitHub releases page or build it from source by running go build -o github-mcp-server ./cmd/github-mcp-server.
Then, replacing /path/to/binary with the actual path to your binary, configure Gemini CLI with:
// ~/.gemini/settings.json
{
"mcpServers": {
"github": {
"command": "/path/to/binary",
"args": ["stdio"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "$GITHUB_MCP_PAT"
}
}
}
}
To log in with OAuth instead of a PAT (no token to create or store), omit GITHUB_PERSONAL_ACCESS_TOKEN — the native binary uses a random loopback callback port, so no extra configuration is needed. See Local Server OAuth Login.
To verify that the GitHub MCP server has been configured, start Gemini CLI in your terminal with gemini, then:
Check MCP server status:
/mcp list
ℹConfigured MCP servers:
🟢 github - Ready (96 tools, 2 prompts)
Tools:
- github__add_comment_to_pending_review
- github__add_issue_comment
- github__add_sub_issue
...
Test with a prompt
List my GitHub repositories
You can find more MCP configuration options for Gemini CLI here: MCP Configuration Structure. For example, bypassing tool confirmations or excluding specific tools.
docker --version
docker logout ghcr.io then retryrepo - Repository operationsread:packages - Docker image access (if using Docker)cat ~/.gemini/settings.json | jq .
gemini --debug "test command"