Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
.netrc file so you can push/pull to https git repos without entering your creds all the time
login technoweenie
password SECRET
login technoweenie
password SECRET
Copy link

miradnan commented Mar 23, 2018

Thanks! Exactly what I needed

Copy link

LiviuLvu commented May 19, 2018

Is it possible to add a default editor within this file?
I am tring to use git pull-request and keep getting this error:
$EDITOR is unset, you will not be able to edit the pull-request message

Copy link

kopax commented Oct 2, 2018

Hi, what about git-credentials and git-credentials-store ?

Copy link

coolaj86 commented Jul 24, 2019

Excerpt from

The Vanilla DevOps Git Credentials & Private Packages Cheatsheet


GIT_ASKPASS and SSH_ASKPASS are probably the least hacky approaches, but not as flexible as some of the others.



echo xxxxxxxx
chmod 0700 ~/


The .gitconfig approach has the advantage of being able to interchange ssh, git, and https urls and you can use granular path matching.


[url ""]
  insteadOf =
[url ""]
  insteadOf =
[url ""]
  insteadOf = ssh://
[url ""]
  insteadOf =

Which you can create by doing this:

git config --global url."".insteadOf "ssh://"
git config --global url."".insteadOf ""
git config --global url."".insteadOf ""
git config --global url."".insteadOf ""


This is nice because it's very granular and you can combine it with the trick above.

git config credential.helper store


[url ""]
  insteadOf = ssh://
    helper = store




login api
password xxxxxxxx

Copy link

Varriount commented Oct 22, 2019

For those in the future wondering why this might not work - as of Go 1.13.x, Go uses proxies when downloading packages and verifying checksums.

In order to bypass the proxies, you'll need to set the environment variables GOPROXY, GONOPROXY, GOSUMDB, GONOSUMDB to the appropriate values.

For example, from the documentation:


This states:

  • Packages matching * are private (and thus the proxy and checksum sites will not be used to download/verify them).
  • Use as the proxy for downloading packages (though note that this does not set the checksum site).
  • Only packages matching "none" should not be proxied (so, unless you have a package called "none", all packages will be proxied). This overrides the first line/the GOPRIVATE variable.

Copy link

kleaver commented Jun 15, 2021

Something interesting I found while testing the .netrc with go+git+GitHub: when using a GitHub personal access token (PAT) for the password in the .netrc, the value given for login can be any arbitrary value, it doesn't need to be the username that the PAT was generated for (it does need to be set to something though).

Copy link

CarlosDomingues commented Feb 9, 2022

Instructions for GitLab folks, as this was one of my first results of Googling "GitLab .netrc":

login oauth2

That enables:

  • Cloning repos with https
  • Accessing some private package registries with https (ex: pypi)
  • Login in GitLab's private container registry using docker login

(of course your <PERSONAL_ACCESS_TOKEN> needs the correct capabilities)

Also, during CI:

    - |
      echo "
      login gitlab-ci-token
      password $CI_JOB_TOKEN
      " > ~/.netrc
    - <stuff>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment