Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
.netrc file so you can push/pull to https git repos without entering your creds all the time
machine github.com
login technoweenie
password SECRET
machine api.github.com
login technoweenie
password SECRET
@technoweenie

This comment has been minimized.

Copy link
Owner Author

technoweenie commented Jul 8, 2011

Stick this in ~/.netrc with chmod 600 or something. You can curl the api as yourself with curl -n https://api.github.com/user

@noamtm

This comment has been minimized.

Copy link

noamtm commented Jan 7, 2013

What about per-repository login?

@g2p

This comment has been minimized.

Copy link

g2p commented Mar 20, 2013

@noamtm I just checked, netrc or gitcredentials aren't up to the task (the latter has an option to match on host paths, but prefix matches are missing so it's only semi-convenient). If you control the url you should put the username in the url or use host aliases, both ssh (man ssh_config) and git (git help config then /insteadof) have them; if you can't (go get or pip remote requirements), there is no convenient solution.

@madarche

This comment has been minimized.

Copy link

madarche commented Dec 23, 2013

Note about a limitation: password in .netrc file should not contain spaces, since the .netrc file is parsed against spaces, tabs and new-lines.

@soupdiver

This comment has been minimized.

Copy link

soupdiver commented Jul 9, 2014

Thanks man! Exactly what I needed

@kprikshit

This comment has been minimized.

Copy link

kprikshit commented May 1, 2015

Any way to store password here not in plain text.
It's too risky to store in plaintext

@sandeepraju

This comment has been minimized.

@snowyu

This comment has been minimized.

Copy link

snowyu commented Jul 24, 2015

github supports the access token instead of password: https://help.github.com/articles/creating-an-access-token-for-command-line-use/

@andrewspiers

This comment has been minimized.

Copy link

andrewspiers commented Feb 7, 2017

@rhiannon that's all good until you are somewhere that blocks 22 outbound.

@felipe1982

This comment has been minimized.

Copy link

felipe1982 commented Mar 14, 2017

@andrewspiers I thought that you can alternatively use port 443 outbound for SSH traffic... Or am I confused with bitbucket...?

@miradnan

This comment has been minimized.

Copy link

miradnan commented Mar 23, 2018

Thanks! Exactly what I needed

@LiviuLvu

This comment has been minimized.

Copy link

LiviuLvu commented May 19, 2018

Is it possible to add a default editor within this file?
I am tring to use git pull-request and keep getting this error:
$EDITOR is unset, you will not be able to edit the pull-request message

@kopax

This comment has been minimized.

Copy link

kopax commented Oct 2, 2018

Hi, what about git-credentials and git-credentials-store ?

@solderjs

This comment has been minimized.

Copy link

solderjs commented Jul 24, 2019

Excerpt from

The Vanilla DevOps Git Credentials & Private Packages Cheatsheet

GIT_ASKPASS

GIT_ASKPASS and SSH_ASKPASS are probably the least hacky approaches, but not as flexible as some of the others.

export GIT_ASKPASS=$HOME/.git-askpass.sh

~/.git-askpass.sh

#!/bin/bash
echo xxxxxxxx
chmod 0700 ~/.git-askpass.sh

.gitconfig

The .gitconfig approach has the advantage of being able to interchange ssh, git, and https urls and you can use granular path matching.

.gitconfig:

[url "https://api:xxxxxxxx@github.com/"]
  insteadOf = https://github.com/
[url "https://api:xxxxxxxx@github.com/"]
  insteadOf = https://api@github.com/
[url "https://api:xxxxxxxx@github.com/"]
  insteadOf = ssh://git@github.com/
[url "https://api:xxxxxxxx@github.com/"]
  insteadOf = git@github.com:

Which you can create by doing this:

git config --global url."https://api:xxx@github.com/".insteadOf "ssh://git@github.com/"
git config --global url."https://api:xxx@github.com/".insteadOf "git@github.com:"
git config --global url."https://api:xxx@github.com/".insteadOf "https://github.com/"
git config --global url."https://api:xxx@github.com/".insteadOf "https://api:github.com/"

git-credentials

This is nice because it's very granular and you can combine it with the trick above.

git config credential.helper store

~/.git-config:

[url "https://github.com/"]
  insteadOf = ssh://git@github.com/
[credential]
    helper = store

~/.git-credentials:

https://api:xxxxxxx@github.com/myorganization/

.netrc

~/.netrc:

machine github.com
login api
password xxxxxxxx
@Varriount

This comment has been minimized.

Copy link

Varriount commented Oct 22, 2019

For those in the future wondering why this might not work - as of Go 1.13.x, Go uses proxies when downloading packages and verifying checksums.

In order to bypass the proxies, you'll need to set the environment variables GOPROXY, GONOPROXY, GOSUMDB, GONOSUMDB to the appropriate values.

For example, from the documentation:

GOPRIVATE=*.corp.example.com
GOPROXY=proxy.example.com
GONOPROXY=none

This states:

  • Packages matching *.corp.example.com are private (and thus the proxy and checksum sites will not be used to download/verify them).
  • Use proxy.example.com as the proxy for downloading packages (though note that this does not set the checksum site).
  • Only packages matching "none" should not be proxied (so, unless you have a package called "none", all packages will be proxied). This overrides the first line/the GOPRIVATE variable.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.