-
-
Save technoweenie/1072829 to your computer and use it in GitHub Desktop.
machine github.com | |
login technoweenie | |
password SECRET | |
machine api.github.com | |
login technoweenie | |
password SECRET |
What about per-repository login?
@noamtm I just checked, netrc or gitcredentials aren't up to the task (the latter has an option to match on host paths, but prefix matches are missing so it's only semi-convenient). If you control the url you should put the username in the url or use host aliases, both ssh (man ssh_config
) and git (git help config
then /insteadof
) have them; if you can't (go get
or pip remote requirements), there is no convenient solution.
Note about a limitation: password in .netrc
file should not contain spaces, since the .netrc
file is parsed against spaces, tabs and new-lines.
Thanks man! Exactly what I needed
Any way to store password here not in plain text.
It's too risky to store in plaintext
github supports the access token instead of password: https://help.github.com/articles/creating-an-access-token-for-command-line-use/
@rhiannon that's all good until you are somewhere that blocks 22 outbound.
@andrewspiers I thought that you can alternatively use port 443 outbound for SSH traffic... Or am I confused with bitbucket...?
Thanks! Exactly what I needed
Is it possible to add a default editor within this file?
I am tring to use git pull-request
and keep getting this error:
$EDITOR is unset, you will not be able to edit the pull-request message
Hi, what about git-credentials
and git-credentials-store
?
Excerpt from
The Vanilla DevOps Git Credentials & Private Packages Cheatsheet
GIT_ASKPASS
GIT_ASKPASS
and SSH_ASKPASS
are probably the least hacky approaches, but not as flexible as some of the others.
export GIT_ASKPASS=$HOME/.git-askpass.sh
~/.git-askpass.sh
#!/bin/bash
echo xxxxxxxx
chmod 0700 ~/.git-askpass.sh
.gitconfig
The .gitconfig
approach has the advantage of being able to interchange ssh, git, and https urls and you can use granular path matching.
.gitconfig
:
[url "https://api:[email protected]/"]
insteadOf = https://github.com/
[url "https://api:[email protected]/"]
insteadOf = https://[email protected]/
[url "https://api:[email protected]/"]
insteadOf = ssh://[email protected]/
[url "https://api:[email protected]/"]
insteadOf = [email protected]:
Which you can create by doing this:
git config --global url."https://api:[email protected]/".insteadOf "ssh://[email protected]/"
git config --global url."https://api:[email protected]/".insteadOf "[email protected]:"
git config --global url."https://api:[email protected]/".insteadOf "https://github.com/"
git config --global url."https://api:[email protected]/".insteadOf "https://api:github.com/"
git-credentials
This is nice because it's very granular and you can combine it with the trick above.
git config credential.helper store
~/.git-config
:
[url "https://github.com/"]
insteadOf = ssh://[email protected]/
[credential]
helper = store
~/.git-credentials
:
https://api:[email protected]/myorganization/
.netrc
~/.netrc
:
machine github.com
login api
password xxxxxxxx
For those in the future wondering why this might not work - as of Go 1.13.x, Go uses proxies when downloading packages and verifying checksums.
In order to bypass the proxies, you'll need to set the environment variables GOPROXY
, GONOPROXY
, GOSUMDB
, GONOSUMDB
to the appropriate values.
For example, from the documentation:
GOPRIVATE=*.corp.example.com
GOPROXY=proxy.example.com
GONOPROXY=none
This states:
- Packages matching
*.corp.example.com
are private (and thus the proxy and checksum sites will not be used to download/verify them). - Use
proxy.example.com
as the proxy for downloading packages (though note that this does not set the checksum site). - Only packages matching "none" should not be proxied (so, unless you have a package called "none", all packages will be proxied). This overrides the first line/the
GOPRIVATE
variable.
Something interesting I found while testing the .netrc with go+git+GitHub: when using a GitHub personal access token (PAT) for the password
in the .netrc, the value given for login
can be any arbitrary value, it doesn't need to be the username that the PAT was generated for (it does need to be set to something though).
Instructions for GitLab folks, as this was one of my first results of Googling "GitLab .netrc":
machine gitlab.com
login oauth2
password <PERSONAL_ACCESS_TOKEN>
That enables:
- Cloning repos with https
- Accessing some private package registries with https (ex: pypi)
- Login in GitLab's private container registry using
docker login registry.gitlab.com
(of course your <PERSONAL_ACCESS_TOKEN> needs the correct capabilities)
Also, during CI:
build_job:
script:
- |
echo "
machine gitlab.com
login gitlab-ci-token
password $CI_JOB_TOKEN
" > ~/.netrc
- <stuff>
Stick this in ~/.netrc with chmod 600 or something. You can curl the api as yourself with
curl -n https://api.github.com/user