Question:
Is there a way to combine the advantages of GitHub's fine-grained PATs with the simplicity of git pull over HTTPS? If so, then how?
Background
GitHub has "classic" and "fine-grained" personal access tokens (PATs):
Go to Settings > Developer Settings to see these.
I have been using a classic PAT to run git pull commands over HTTPS, to pull the latest commits from GitHub:
git pull https://${token}@github.com/${owner}/${repo}.git
This works without prompting for a password (I keep the PAT's expiration period reasonably short).
I cannot just (naively) substitute a new fine-grained token for the classic token in my git pull command. It prompts me for a password. (It is treated as a user ID, I assume.)
Fine-grained PATs certainly work with the GitHub
The Fine token assigned all repository or specific repositories only. And assign
This also automatically sets the Metadata (read-only) permission, as well.
- I did NOT need or grant any Account permissions.
On my server:
This is a headless Linux box. I do not have any 3rd party key stores integrated with Git (for example, no libsecret).
I chose to use the Git-provided store. Although this stores credentials in plaintext, it's no less secure (in my opinion) than SSH keys stored in .ssh. This is acceptable for my situation - and is far better than what I have been doing (placing a token directly in the URL of the pull command).
Specific one-time set-up commands:
git config --global credential.helper store
git config --global credential.useHttpPath true
That creates the following in my global .gitconfig file:
[credential]
helper = store
useHttpPath = true
Then, in my Git repo directory, I run a simple pull:
git pull https://github.com/${owner}/${repo}.git
As a one-time step, I have to manually provide my user ID and the PAT at the prompts.
These credentials are stored in a new (for me) .git-credentials file. The format of the credentials is:
https://<user ID>:<fine-grained PAT>@github.com/<owner>/<repo>.git
I can repeat this process for more repos, each with their own PAT, as needed.
When I execute subsequent git pull
commands, the relevant URL-specific credentials from the store are used - no command line interaction is needed.
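
An added example, not part of the original post: a small audit of the plaintext store described above. It checks that the file is not readable by group or other, that every entry carries a repo path (the effect of useHttpPath), and that no entry still holds a classic PAT. The function name is hypothetical; the ghp_ prefix is the one GitHub uses for classic PATs (fine-grained ones begin with github_pat_), and the line format is the one shown above.

```shell
#!/bin/sh
# audit_git_credentials FILE
# Prints one finding per line and never echoes a token.
# Returns 0 when clean, 1 when there are findings, 2 when FILE is missing.
audit_git_credentials() {
    file=$1
    findings=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }

    # Characters 5-10 of the ls mode string are the group/other bits.
    # The store helper creates the file owner-only, so they should be empty.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "perm: $file is accessible to group or other"
        findings=1
    fi

    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        rest=${line#*://}        # user:token@host/owner/repo.git
        userinfo=${rest%%@*}     # user:token
        hostpath=${rest#*@}      # host/owner/repo.git
        token=${userinfo#*:}
        # An entry without a path is offered for every repo on that host.
        case $hostpath in
            */*) ;;
            *) echo "line $n: host-wide entry (no repo path)"; findings=1 ;;
        esac
        # Classic PATs are not limited to selected repositories.
        case $token in
            ghp_*) echo "line $n: classic PAT still stored"; findings=1 ;;
        esac
    done < "$file"
    return $findings
}
```

Run it as: audit_git_credentials "$HOME/.git-credentials"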