Git Push - Username and password in the remote url
A more secured way to authenticate you through GitHub than put your password in the remote URL would be, if you use HTTPS, to generate a new token in this GitHub page and then build your remote URL like this:
https://<username>:<token>@github.com/<username>/<project_name>.git
Git push should not show the password since Git 2.9.3 (August 2016), but, to be on the safe side, Git 2.22 (Q2 2019) improves that even more:
Before, the remote-http transport did not anonymize URLs reported in its error messages at places.
See commit c1284b2 (04 Mar 2019) by Johannes Schindelin (dscho
).
(Merged by Junio C Hamano -- gitster
-- in commit 764bd20, 16 Apr 2019)
curl
: anonymize URLs in error messages and warnings
It anonymizes URLs (read: strips them of user names and especially passwords) in user-facing error messages and warnings.
Before Git 2.27 (Q2 2020), error and verbose trace messages from "git push
" did not redact credential material embedded in URLs.
See commit d192fa5 (24 Apr 2020) by Johannes Schindelin (dscho
).
(Merged by Junio C Hamano -- gitster
-- in commit 2c42fb7, 01 May 2020)
push
: anonymize URLs in error messages and warningsSigned-off-by: Johannes Schindelin
Reviewed-by: Taylor BlauJust like 47abd85ba0 ("
fetch
: Strip usernames from url's before storing them", 2009-04-17, Git v1.6.4-rc0 -- merge) and later 882d49ca5c ("push
: anonymize URL in status output", 2016-07-13, Git v2.10.0-rc0 -- merge listed in batch #7), and even later c1284b21f243 ("curl
: anonymize URLs in error messages and warnings", 2019-03-04, Git v2.22.0-rc0 -- merge listed in batch #5) this change anonymizes URLs (read: strips them of user names and especially passwords) in user-facing error messages and warnings.
Is this a github specific arrangement?
It's not Github specific; this is actually Basic HTTP Authentication. The user:password@host
trick is a way of specifying the BA credentials in the URL.
...can this format be used (https://username:[email protected]/repo.git) with any git remote?
It works only for remotes that use the HTTP protocol. For SSH remotes you'll have to use SSH Keys instead.