2

I maintain a private repository but want to make one file publicly available.

GitHub documentation states that the CURL command below can retrieve a file:

curl -u username:token https://api.github.com/user

But I would like to provide access through a URL. E.g.

https://username:token@raw.githubusercontent.com/me/repo/master/README.md

This always return a 404. Am I missing something?

Kye
  • 5,570
  • 10
  • 45
  • 81

1 Answers1

3

From "How can I download a single raw file from a private github repo using the command line?", you wouldneed to use a PAT (Personnal Access Token) without the username:

curl -s https://$TOKEN@raw.githubusercontent.com/....

But I would not recommend making that token visible in any way: it would give access to that file and the rest of the repository.

Putting that file in a separate location (be it a separate public repository, or any other online text storage service) would be safer.

VonC
  • 1,129,465
  • 480
  • 4,036
  • 4,755
  • 1
    Strangely that doesn't work through a browser. Is the "-s" adding the token to a http header? – Kye Sep 04 '19 at 05:06
  • Your right. I plan to hide the token behind an API gateway. – Kye Sep 04 '19 at 05:07
  • @Kye -s is for silent. use -kLv, for testing, to check what the error message is. – VonC Sep 04 '19 at 05:20
  • Basic Authentication feature is deprecated by nearly All browsers as Security Problems @Kye – J.Z Apr 23 '20 at 03:18
  • @J.Z Indeed. I just heard the same thing in the 763 installment of Security Now with and from Steve Gibson. Show notes: https://www.grc.com/sn/sn-763-notes.pdf, page 6. – VonC Apr 23 '20 at 05:11