From a Bash script I would like to supply a password. I have tried the following:
echo 'mypass' | git pull
git pull < 'mypass'
git pull < echo 'mypass'
None seem to work.
Asked
Active
Viewed 3.2k times
19
Peter Mortensen
- 30,738
- 21
- 105
- 131
jax
- 37,735
- 57
- 182
- 278
-
1Quick question: why? – TheGeorgeous Jul 04 '15 at 08:25
-
1@TheGeorgeous it is for an automatic deploy script for the app tester. There is a lot more in the script than simply pulling code from the repo. – jax Jul 04 '15 at 09:06
-
@jax, wonder if you could finally find a solution. – sergeyan Aug 22 '19 at 18:39
-
Can't remember how now. I think I did find a way though. – jax Sep 05 '19 at 08:30
-
[This answer](https://stackoverflow.com/a/68602613/1803897) contains a sample bash script that works with git's credential API. – Roland Puntaier Aug 06 '21 at 17:43
4 Answers
15
Create file
git_password.shwith content:#!/bin/sh exec echo "$GIT_PASSWORD"Assign your password to the GIT_PASSWORD environment variable
$ GIT_PASSWORD=your_passwordExecute git command with GIT_ASKPASS environment variable. It will force password prompt and execute git_password.sh as callback:
$ GIT_ASKPASS=./git_password.sh git clone $REPO
Sergey Bezugliy
- 580
- 7
- 23
-
It is only simple solution when you need to clone repository from shell script, because you have no git environment in the current folder yet. – Sergey Bezugliy Mar 29 '19 at 13:31
-
2
-
Running the same in Python: `subprocess.run(['git', 'clone', '-c', 'core.askPass='+ROOT_PATH+'\git_password.sh', 'https://username@url_to_git_repo.git'])` – Vladislav Povorozniuc Jan 16 '23 at 20:39
8
gitcredentials is the answer:
DESCRIPTION
Git will sometimes need credentials from the user in order to perform operations; for example, it may need to ask for a username and password in order to access a remote repository over HTTP. This manual describes the mechanisms Git uses to request these credentials, as well as some features to avoid inputting these credentials repeatedly.
[...]
REQUESTING CREDENTIALS
Without any credential helpers defined, Git will try the following strategies to ask the user for usernames and passwords:
- If the
GIT_ASKPASSenvironment variable is set, the program specified by the variable is invoked. A suitable prompt is provided to the program on the command line, and the user’s input is read from its standard output.- Otherwise, if the
core.askPassconfiguration variable is set, its value is used as above.- Otherwise, if the
SSH_ASKPASSenvironment variable is set, its value is used as above.- Otherwise, the user is prompted on the terminal.
[...]
Credential helpers, on the other hand, are external programs from which Git can request both usernames and passwords; they typically interface with secure storage provided by the OS or other programs.
You may also have third-party helpers installed; search for
credential-*in the output ofgit help -a, and consult the documentation of individual helpers. Once you have selected a helper, you can tell Git to use it by putting its name into thecredential.helpervariable.
git help -a | grep credential-* shows the following helper:
credential remote
credential-cache remote-ext
credential-cache--daemon remote-fd
credential-osxkeychain remote-ftp
credential-store remote-ftps
-
1`git help -a | grep credentials-*` should be `git help -a | grep credential-*` – Cpt. Senkfuss Feb 03 '17 at 14:58
-
-
To set `core.askPass` use `git config --global core.askPass "new-value"`. To view the config value use `git config --global core.askPass` (without new value). Note that instead of `--global`, there is also `--system` scope (and `--local` scope, but only after a repo has been cloned). – mihca Sep 22 '21 at 14:12
6
It is possible to include the password in the definition of your remote like so:
https://user:password@server
Like this you do not need to provide it for each pull.
(Much like the solution suggested in How do I provide a username and password when running “git clone git@remote.git”?.)
Warning: A better approach would be to use SSH instead of HTTPS and store your public key with GitHub. Because credentials in the remote url might land in the command history, scripts or configuration files and can then be seen by others.
Boris Däppen
- 1,186
- 7
- 20
Sebastian P.
- 818
- 8
- 20
-
1
-
The URL (incl. password) will be stored in plain text in `.git/config` as remote URL. Thus, everyone with access to the cloned repo will be able to see the password. Furthermore, this URL is likely to be sent over the network again to initiate connection with the remote. Overall, this approach is the least secure. – mihca Sep 22 '21 at 14:03
2
The main techniques for feeding an input to a Bash scripts are at "Automatically enter input in command line":
echo 'mypass' | git pull
# or
printf 'mypass\n' | git pull
Since Git 1.8.3, I prefer using a Git credential netrc helper which will fetch and feed the right password for me.
Since Git 2.x, a git credential helper is preferable.
The most recent one (2022) is Microsoft (but cross-platform) GCM (Git Credential Manager).
Its documentation now mentions tokens in addition of password, with Git 2.39 (Q4 2022):
See commit 54e95b4 (08 Nov 2022) by M Hickford (hickford).
(Merged by Taylor Blau -- ttaylorr -- in commit dc8be39, 14 Nov 2022)
Documentation/gitcredentials.txt: mention password alternativesSigned-off-by: M Hickford
Signed-off-by: Taylor Blau
Git asks for a "password", but the user might use a personal access token or OAuth access token instead.
Example:
Password for 'https://AzureDiamond@github.com':
gitcredentials now includes in its man page:
Git will sometimes need credentials from the user in order to perform operations; for example, it may need to ask for a username and password in order to access a remote repository over HTTP.
Some remotes accept a personal access token or OAuth access token as a password.
This manual describes the mechanisms Git uses to request these credentials, as well as some features to avoid inputting these credentials repeatedly.
Note that with Git 2.39 (Q4 2022), credentials can be also generated, not just cached.
See commit dabb9d8 (12 Nov 2022) by M Hickford (hickford).
(Merged by Junio C Hamano -- gitster -- in commit c197977, 23 Nov 2022)
Docs: describe how a credential-generating helper worksSigned-off-by: M Hickford
Signed-off-by: Taylor Blau
Previously the docs only described storage helpers.
A concrete example: Git Credential Manager can generate credentials for GitHub and GitLab via OAuth.
https://github.com/GitCredentialManager/git-credential-manager
gitcredentials now includes in its man page:
storage provided by the OS or other programs. Alternatively, a credential-generating helper might generate credentials for certain servers via some API.
gitcredentials now includes in its man page:
If it does not support the requested operation (e.g., a read-only store or generator), it should silently ignore the request.
VonC
- 1,262,500
- 529
- 4,410
- 5,250
-
I think think the `\n` may be what I was missing. The password may have entered but the enter key was never pressed, thus is never executed. I will need to try this on Monday. – jax Jul 04 '15 at 09:16
-
1
-
-
-
-
-
-