hub icon indicating copy to clipboard operation
hub copied to clipboard

Published 20 hours ago verified publisher icon mislav

OAuth token stored on gitconfig file

Open mhalano opened this issue 9 years ago • 10 comments

How can I do to store the OAuth token inside ~/.gitconfig instead ~/.config/hub? I want to do the "!" trick to get the token from my keychain.

mhalano avatar Sep 09 '16 15:09 mhalano

Hello, right now this isn't possible. However, if you don't wish to have the token stored in ~/.config/hub, you can erase it from there, and have your shell rc file populate the GITHUB_TOKEN environment variable by pulling it dynamically from keychain. Hub will then use the token from environment variable and should not prompt for username/password nor store authentication info in ~/.config/hub.

mislav avatar Sep 09 '16 16:09 mislav

@mislav Did you think is could be useful put, optionally, token on gitconfig file?

mhalano avatar Sep 09 '16 20:09 mhalano

It's possible, but I don't want to use the gitconfig file for anything related to hub.

mislav avatar Sep 09 '16 22:09 mislav

Have you a specific reason for that? Tools like going store tokens on gitconfig.

On Fri, Sep 9, 2016, 19:53 Mislav Marohnić [email protected] wrote:

It's possible, but I don't want to use the gitconfig file for anything related to hub.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/github/hub/issues/1259#issuecomment-246062636, or mute the thread https://github.com/notifications/unsubscribe-auth/AFvvR4N464ARfkHohVaLjl5NILgx5YIsks5qoeNNgaJpZM4J5L4I .

Marcos H. Alano

Sent from my Android

mhalano avatar Sep 10 '16 01:09 mhalano

Have you a specific reason for that?

Yes: to allow people to check their gitconfig in version control in case they back up their dotfiles. Lots of people publish their dotfiles on GitHub, and avoiding storing tokens in there reduces the risk of accidentally publishing your GitHub token.

mislav avatar Sep 10 '16 16:09 mislav

Interesting. I always saw as standard to put the token inside gitconfig. Lots of tools do that (the tools which support tokens, of course), so I think keep this option available (but not standard) should be good.

mhalano avatar Sep 15 '16 01:09 mhalano

If users have multiple accounts for work/non-work, what's the best way to have per-project tokens for hub?

lox avatar Sep 27 '16 05:09 lox

@lox If you have multiple GitHub accounts, there is no elegant way. You could create a wrapper script for hub:

#!/bin/bash
set -e

# Check $PWD and set the token for this project accordingly:
export GITHUB_TOKEN="..."

exec hub "$@"

Then you can alias hub=my-hub-wrapper and have hub <command> ... invocations dynamically swap out the token based on criteria that you program into the script.

mislav avatar Sep 27 '16 18:09 mislav

The example shown above would work really well to leverage git 2.13's conditional includes: https://git-scm.com/docs/git-config#_conditional_includes

You could configure git to include additional config settings based on the path of the repo. Then the hub wrapper would merely need to invoke git config hub.user

jasonkarns avatar Jun 26 '17 19:06 jasonkarns

I would like to argue in favor of reading the token from the repo's .gitconfig.

It is the easiest way to configure different accounts per repo.

You could slap a huge warning in the documenation to not do this and explain why. Anyone who does it anyway should be considered an adult who understands the consequences.

I don't see a reason to publish .gitconfig and anyone who wants to publish their dotfiles will have to sanitize them anyway. Hub protects me from something I'll never do at the cost of making it only usable if I write a wrapper for it.

Any chance you might reconsider?

rndusr avatar May 28 '20 10:05 rndusr