11

As I understand password prompt when pushing to github can be avoided by adding the username:password in the remote push url. 

https://you:password@github.com/you/example.git

Is this a github specific arrangement or can this format be used (https://username:password@somedomain.org/repo.git) with any git remote?

Community
  • 1
  • 1
chamilad
  • 1,549
  • 3
  • 22
  • 39
  • 5
    The `user:password@host` pattern is not git-specific; it is [Basic HTTP Authentication](http://stackoverflow.com/q/2716990/390819). I think it does not work on `ssh://` git remotes. – Cristian Lupascu Oct 24 '14 at 09:24
  • Thanks @w0lf! Is there any way to automate pushing to remote repository? – chamilad Oct 24 '14 at 15:40
  • 1
    `git push` is a command that can be entered in the command line or in scripts. So, yes, you can automate it in any way you like. – Cristian Lupascu Oct 24 '14 at 15:45
  • What I meant was is there a way to automate pushing without prompting for a username and password? Let's say the username and the password is available at the code? – chamilad Oct 24 '14 at 15:53
  • I don't know if you can do that. You might want to try using SSH keys instead, if possible. – Cristian Lupascu Oct 24 '14 at 16:03
  • Ok. Thanks @wolf! Could you add the first comment as an answer so I can accept it? :) – chamilad Oct 25 '14 at 09:26

4 Answers4

7

A more secured way to authenticate you through GitHub than put your password in the remote URL would be, if you use HTTPS, to generate a new token in this GitHub page and then build your remote URL like this:

https://<username>:<token>@github.com/<username>/<project_name>.git
Hadrien TOMA
  • 1,947
  • 1
  • 22
  • 31
4

Is this a github specific arrangement?

It's not Github specific; this is actually Basic HTTP Authentication. The user:password@host trick is a way of specifying the BA credentials in the URL.

...can this format be used (https://username:password@somedomain.org/repo.git) with any git remote?

It works only for remotes that use the HTTP protocol. For SSH remotes you'll have to use SSH Keys instead.

Community
  • 1
  • 1
Cristian Lupascu
  • 37,084
  • 15
  • 94
  • 135
3

Git push should not show the password since Git 2.9.3 (August 2016), but, to be on the safe side, Git 2.22 (Q2 2019) improves that even more:

Before, the remote-http transport did not anonymize URLs reported in its error messages at places.

See commit c1284b2 (04 Mar 2019) by Johannes Schindelin (dscho).
(Merged by Junio C Hamano -- gitster -- in commit 764bd20, 16 Apr 2019)

curl: anonymize URLs in error messages and warnings

It anonymizes URLs (read: strips them of user names and especially passwords) in user-facing error messages and warnings.

Before Git 2.27 (Q2 2020), error and verbose trace messages from "git push" did not redact credential material embedded in URLs.

See commit d192fa5 (24 Apr 2020) by Johannes Schindelin (dscho).
(Merged by Junio C Hamano -- gitster -- in commit 2c42fb7, 01 May 2020)

push: anonymize URLs in error messages and warnings

Signed-off-by: Johannes Schindelin
Reviewed-by: Taylor Blau

Just like 47abd85ba0 ("fetch: Strip usernames from url's before storing them", 2009-04-17, Git v1.6.4-rc0 -- merge) and later 882d49ca5c ("push: anonymize URL in status output", 2016-07-13, Git v2.10.0-rc0 -- merge listed in batch #7), and even later c1284b21f243 ("curl: anonymize URLs in error messages and warnings", 2019-03-04, Git v2.22.0-rc0 -- merge listed in batch #5) this change anonymizes URLs (read: strips them of user names and especially passwords) in user-facing error messages and warnings.

Community
  • 1
  • 1
VonC
  • 1,129,465
  • 480
  • 4,036
  • 4,755
1

You can make your local Git remember the GitHub credentials:

If you're cloning GitHub repositories using HTTPS, you can use a credential helper to tell Git to remember your GitHub username and password every time it talks to GitHub.

Chekout this article on GitHub.

rsjethani
  • 2,081
  • 6
  • 24
  • 30