Inspired by this awesome post on a Git branching model and this one on what a version bumping script actually does, I went about creating my own Git version bumping routine which resulted in a little package called bumpr.

However, I don't like the current way of handling (GitHub) HTTPS credentials. I'm using the solution stated in this post and it works great, but I don't like the fact that I need to store my credentials in plain text in this _netrc file.

So I wondered:

  1. if one could also obfuscate console input when prompting via readline(), scan() or the like in much the same way as when using the Git shell. See code of /R/bump.r at line 454:

    input <- readline(paste0("Password for 'https://", 
      git_user_email, "@github.com': "))
    idx <- ifelse(grepl("\\D", input), input, NA)
    if (is.na(idx)){
      message("Empty password")
      message("Exiting")
      return(character())
    }
    git_https_password <- input
    
  2. how RStudio realizes that an "Insert credentials" box pops up when pushing to a remote Git repository and how they obfuscate the password entry.

  3. if file _netrc is something closely related to the GitHub API or if this works for HTTPS requests in general.
Rappster
  • I once did battle with GitHub API and through the combined efforts of many great minds produced one little R function to send a local repo to GitHub as a new repo. The code uses `_netrc`. It may be of use to you https://github.com/trinker/qdapTools/blob/master/R/repo2github.R Can't promise it's best practice but there may be useful stuff in there. – Tyler Rinker Sep 23 '14 at 02:37
  • Thanks man. It was your effort in the post I linked to that got me going in the first place! :-) I'll check that out, thanks a lot! – Rappster Sep 23 '14 at 02:38
  • Yeah the best I could come up with is to store the password in the user's home directory. Dason K. advised this over the temp as it may be accessed by others (if I remember correctly). The function attempts to delete the script but this can't be guaranteed. I suppose you could check to see if it was deleted with `file.exists` but even then if the function errored before this step the deletion may not occur. – Tyler Rinker Sep 23 '14 at 03:07
  • For github, you should be using personal access tokens, e.g. https://github.com/hadley/devtools/blob/master/R/github.R#L38 – hadley Sep 23 '14 at 17:24
  • Aha! Thanks Hadley, didn't know that. – Rappster Sep 23 '14 at 17:31

1 Answer

Git has a mechanism to store, cache or prompt for credentials. Please read http://git-scm.com/docs/gitcredentials.

Within a script, you can use the git credential command to access it: http://git-scm.com/docs/git-credential

Matthieu Moy
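
The flow the answer above points to, as an added example that is not part of the original post: a script asks `git credential fill` for the secret instead of reading a plain-text `_netrc`, then reports back with `approve` or `reject`. The function names, the `CRED_USER`/`CRED_PASS` variables and `./push_release.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function and variable names
# are hypothetical; host and user values shown in comments are constructed.

# Emit a request in the key=value format `git credential` reads on stdin.
# $1=protocol  $2=host  $3=username (optional)
cred_request() {
  printf 'protocol=%s\nhost=%s\n' "$1" "$2"
  [ -z "${3:-}" ] || printf 'username=%s\n' "$3"
  printf '\n'   # a blank line terminates the request
}

# Print the value of key $1 from a `git credential fill` response on stdin.
# Only the leading "key=" is stripped, so values containing "=" stay intact.
cred_field() {
  sed -n "s/^$1=//p" | head -n 1
}

# Ask Git for a credential (a configured helper answers, otherwise Git
# prompts on the terminal without echoing the password), run a command with
# it, then report the outcome so helpers keep good secrets and drop bad ones.
# $1=protocol  $2=host  $3=username  rest=command to run
with_credential() {
  proto=$1 host=$2 user=$3
  shift 3
  filled=$(cred_request "$proto" "$host" "$user" | git credential fill) || return 1
  cred_user=$(printf '%s\n' "$filled" | cred_field username)
  cred_pass=$(printf '%s\n' "$filled" | cred_field password)
  # Pass the secret through the environment, not argv, which `ps` can show.
  if CRED_USER=$cred_user CRED_PASS=$cred_pass "$@"; then
    printf '%s\n\n' "$filled" | git credential approve
  else
    printf '%s\n\n' "$filled" | git credential reject
    return 1
  fi
}

# Usage (constructed values):
#   with_credential https github.com you@example.com ./push_release.sh
```

Which helper answers the `fill` request (cache, OS keychain, or none) is decided by the user's `credential.helper` setting, so the script itself never stores the secret.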