201

I want to do this command in one line: 

git pull && [my passphrase]

How to do it?

Uwe Keim
  • 39,551
  • 56
  • 175
  • 291
Anton Medvedev
  • 3,393
  • 3
  • 28
  • 40
  • 1
    you can change your passphrase to be empty by following this: https://help.github.com/articles/working-with-ssh-key-passphrases – jacerate Jul 16 '12 at 14:12
  • 2
    You could sidestep the need to type in a passphrase if you run ssh agent. The first time you do a git pull, you do it interactively, and ssh agent will remember your private key and you can run git pull without being prompted. – Tim Finer Jul 16 '12 at 14:14

9 Answers9

211

This is not exactly what you asked for, but for http(s):

  • you can put the password in .netrc file (_netrc on windows). From there it would be picked up automatically. It would go to your home folder with 600 permissions.
  • you could also just clone the repo with https://user:pass@domain/repo but that's not really recommended as it would show your user/pass in a lot of places...
  • a new option is to use the credential helper. Note that credentials would be stored in clear text in your local config using standard credential helper. credential-helper with wincred can be also used on windows.

Usage examples for credential helper

  • git config credential.helper store - stores the credentials indefinitely.
  • git config credential.helper 'cache --timeout=3600'- stores for 60 minutes

For ssh-based access, you'd use ssh agent that will provide the ssh key when needed. This would require generating keys on your computer, storing the public key on the remote server and adding the private key to relevant keystore.

eis
  • 51,991
  • 13
  • 150
  • 199
  • 3
    Can you elaborate on the SSH part? I'm configuring an EC2 instance, and I would like it to pull without requesting my password and the AWS autoscale. This public/private scheme looks like a good solution. – Pedro Dusso Apr 21 '15 at 11:15
  • 1
    @PedroDusso sounds like [this thread](http://stackoverflow.com/questions/7832586/setting-up-git-on-ec2-to-pull-from-github-repo) is what you're after – eis Apr 22 '15 at 06:54
  • 2
    i ended using the deploy keys mechanism, which appears to be a good solution. Thanks! – Pedro Dusso Apr 23 '15 at 14:28
  • I posted an answer below, but I ended up using access tokens as none of these methods seemed ideal for my use case. – Bix Mar 12 '21 at 19:50
  • "git config credential.helper store" doesn't work unless you're already in a directory controlled by git (therefore not useful for cloning) – Oscar Mar 02 '22 at 00:43
  • @Oscar yes, but works for pulling, which was in the question. You could also do `git config --global credential.helper` for global configuration if needed. – eis Mar 02 '22 at 06:42
  • Password authentication (https://user:pw@repo) has been removed from github at least. See https://docs.github.com/en/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls For github, if you use Single Sign On, see https://docs.github.com/articles/authenticating-to-a-github-organization-with-saml-single-sign-on/ – Dan Anderson Jan 23 '23 at 18:37
189

I found one way to supply credentials for a https connection on the command line. You just need to specify the complete URL to git pull and include the credentials there:

git pull https://username:password@mygithost.com/my/repository

You do not need to have the repository cloned with the credentials before, this means your credentials don't end up in .git/config. (But make sure your shell doesn't betray you and stores the command line in a history file.)

holgero
  • 2,640
  • 1
  • 13
  • 17
  • password are not required, and this is unsecure to write password this way – meteor Nov 30 '15 at 13:20
  • 1
    isn't this one of the things I listed in the accepted answer, already in 2012? – eis Dec 01 '15 at 15:51
  • 10
    @eis: Not exactly. The point is that you don't need to *clone* the repository with the URL that includes the credentials, but still can *pull* from the URL with credentials. The effect is that the credentials don't end up in the .git/config file. – holgero Dec 15 '15 at 19:21
  • Ah. Thank you for the clarification. Didn't read the answer as well as I should have. – eis Dec 15 '15 at 19:24
  • 10
    If you omit the `:password` part, you will be prompted for the password after hitting enter. That way, your password will not be saved in the bash history. – Matthias Fischer Dec 07 '17 at 16:23
  • 2
    Yes @PramodGarg use - git pull https://username:password@mygithost.com/my/repository.git Branch – PAVITRA Feb 15 '19 at 05:06
  • Got it, Thanks :) – Pramod Garg Feb 15 '19 at 09:29
  • Yes, history will definitely betray you, however if you're worried about such things (as you likely should be), put a single space before entering the command and it won't get added to the command history. – NekoKikoushi Jul 08 '20 at 14:05
  • Using the URL instead of `git pull origin` will mess up the reference to remote commit. As I understand, it updates the `FETCH_HEAD` tag, but not the `origin/*` branch. See https://stackoverflow.com/questions/4052788/git-says-local-branch-is-ahead-of-remote-after-having-pulled-from-remote – mihca Dec 22 '21 at 09:47
20

Using the credentials helper command-line option:

git -c credential.helper='!f() { echo "password=mysecretpassword"; }; f' git pull

Or if you also want to enter the username:

git -c credential.helper='!f() { echo "username=myusername"; echo "password=mysecretpassword"; }; f' git pull
sotirov
  • 133
  • 7
Jether
  • 551
  • 3
  • 8
  • Or if you also want to enter the username too: git -c credential.helper='!f() { echo "username=myusername"; echo "password=mysecretpassword"; }; f' git pull – sotirov Jul 12 '23 at 14:35
17

Below cmd will work if we dont have @ in password: git pull https://username:pass@word@mygithost.com/my/repository If you have @ in password then replace it by %40 as shown below: git pull https://username:pass%40word@mygithost.com/my/repository

Sagar Deshmukh
  • 384
  • 3
  • 4
11

I just went through this so supplying my answer as I ended up using Gitlab access tokens although some may need Github access tokens

I would prefer to use SSH but there is a gitlab bug preventing that. Putting my password in .netrc or the URL is not ideal. Credential manager needs to be restarted on server reboot which is not ideal.

Hence I opted for an access token which can be used like so: git clone https://<username>:<accessToken>@gitlab.com/ownerName/projectName.git

The access token is stored with the url so this is not secure but it is more secure than using username:password since an access token can be restricted to certain operations and can be revoked easily.

Once it's cloned down (or the URL is manually updated) all your git requests will use the access token since it's stored in the URL.

These commands may be helpful if you wish to update a repo you've already cloned:

git remote show origin

git remote remove origin

git remote add origin https://<username>:<accessToken>@gitlab.com/ownerName/projectName.git

Edit: Be sure to check the comments below. I added 2 important notes.

Bix
  • 760
  • 8
  • 22
  • Update: Gitlab has both user access and project access tokens. If you use an SSO provider like Okta you will need to use project access tokens. User tokens will require constant re-validation through SSO making them unusable for automated processes. – Bix Aug 03 '21 at 21:25
  • Update 2: One liner to update the remote ```git remote set-url origin https://:@gitlab.com/ownerName/projectName.git``` – Bix Aug 30 '21 at 21:01
6

I did not find the answer to my question after searching Google & stackoverflow for a while so I would like to share my solution here.

git config --global credential.helper "/bin/bash /git_creds.sh"
echo '#!/bin/bash' > /git_creds.sh
echo "sleep 1" >> /git_creds.sh
echo "echo username=$SERVICE_USER" >> /git_creds.sh
echo "echo password=$SERVICE_PASS" >> /git_creds.sh

# to test it
git clone https://my-scm-provider.com/project.git

I did it for Windows too. Full answer here

vdsbenoit
  • 321
  • 3
  • 7
5

Note that the way the git credential helper "store" will store the unencrypted passwords changes with Git 2.5+ (Q2 2014).
See commit 17c7f4d by Junio C Hamano (gitster)

credential-xdg

Tweak the sample "store" backend of the credential helper to honor XDG configuration file locations when specified.

The doc now say:

If not specified:

  • credentials will be searched for from ~/.git-credentials and $XDG_CONFIG_HOME/git/credentials, and
  • credentials will be written to ~/.git-credentials if it exists, or $XDG_CONFIG_HOME/git/credentials if it exists and the former does not.
VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
5

If you are looking to do this in a CI/CD script on Gitlab (gitlab-ci.yml). You could use

git pull $CI_REPOSITORY_URL

which will translate to something like:

git pull https://gitlab-ci-token:[MASKED]@gitlab.com/gitlab-examples/ci-debug-trace.gi

And I'm pretty sure the token it uses is a ephemeral/per job token - so the security hole with this method is greatly reduced.

MountainAsh
  • 428
  • 6
  • 12
0

You can simply do this:

eval $(ssh-agent -s)

echo "password" | ssh-add ~/.ssh/id_rsa

git pull origin master
SwissCodeMen
  • 4,222
  • 8
  • 24
  • 34
A.Paudel
  • 1
  • 1