What are the scenarios where you would use GPG keys vs ssh keys vs personal access tokens.
They seem to achieve the same objective (secure, authorized access to repos); why have three different ways to do the same?
Are there any situations where using one is better than the other?
GPG keys are for signing commits, in the sense that they become part of the Git repository. SSH keys only allow you to temporarily access the repo (push, pull). You can use SSH keys for commit signings, but it's not what it's used for and not recommended [0]
Personal access tokens and SSH keys are also similar but personal access tokens have more restrictions, and one use case for that would be to allow IDE's or third party software to access your repos with restrictions [1].
[0] Some previous related post: GPG vs SSH keys
