Please also see (auth)Top for all the gory details about Auth-Source.
auth-sources controls how and where Auth-Source keeps its
secrets. The default value is a list of three files:
"~/.authinfo.gpg" "~/.netrc"), but to avoid confusion you should make
sure that only one of these files exists and then you should also
adjust the value of the variable to only ever use that file, for
(setq auth-sources '("~/.authinfo"))
~/.authinfo secrets are stored in plain text. If you don’t want
that, then you should use the encrypted
(setq auth-sources '("~/.authinfo.gpg"))
Auth-Source also supports storing secrets in various external key-chains. See (auth)Top for more information.
The default Auth-Source backends only support storing three values per entry; the "machine", the "login" and the "password". Because Ghub uses separate tokens for each package, it has to squeeze four values into those three slots, and it does that by using "USERNAME^PACKAGE" as the "login".
Assuming your Github username is "ziggy", the package is named "forge", and you want to access Github.com, an entry in one of the three mentioned files would then look like this:
machine api.github.com login ziggy^forge password 012345abcdef...
Assuming your Gitlab username is "ziggy", the package is named "forge", and you want to access Gitlab.com, an entry in one of the three mentioned files would then look like this:
machine gitlab.com/api/v4 login ziggy^forge password 012345abcdef...