Automate Git Authentication with HTTP
You have git repositories setup for http access,
and you want to access automatically without typing your password.
Set up an access token
Generate an access token for GitHub:
- Go to Personal access tokens and click Generate new token.
- In the next screen name it Personal Token (the name doesn’t matter), and check every option except “delete_repo”. This is for security, so if you want to remove the repository you have to do it manually from the web.
- Click Generate new token and copy it to a safe location.
Check that the token works:
curl -u MYTOKEN:x-oauth-basic https://api.github.com/user- Replace MYTOKEN with your token obviously.
- If you don’t have curl,
brew install curlusing Homebrew. - If you want to clear the token from your bash history type:
history -c.
Create a .netrc file
.netrc is a file in your home directory that has the information that enables authenticated HTTP/HTTPS logins. Google it.
- Edit the file (mate is my editor):
mate ~/.netrc- Paste this content (replace TOKEN with your personal token)
machine github.com
login janopoq
password TOKEN
protocol httpsAt this point it clones using git and http/https without user interaction.
When we created the SSH key, we protected it with a password, but the .netrc key is unprotected. This means that anyone with physical access to your computer while your user is logged can dump the .netrc. If this is a concern for you, here is how to protect it with GPG.
Encrypt .netrc with GPG
- Install GPG using Homebrew.
brew install gpg- Replace pinentry with a mac compatible version:
brew install pinentry-mac
echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
killall gpg-agent- To create a GPG key type the following and carefully follow the instructions. Be aware it will ask you for a password to protect your key.
gpg --gen-key- Replace
.netrcwith an encrypted version:
gpg -e -r jano@jano.com.es ~/.netrc
git config --global credential.helper "netrc -f ~/.netrc.gpg -v"
chmod 600 ~/.netrc.gpg
rm .netrcNow try again for the final test. Be aware it will ask you for the GPG password you set before.
git clone https://github.com/account/someproject.gitThis will present you with a GUI asking for your GPG password and offering to store it in the keychain. You won’t have to type it everytime.