Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

feat: git https credentials for template leak into final repo

See original GitHub issue

Is your feature request related to a problem? Please describe. Currently, copier does not support Git HTTPS template URLs with included credentials. At least not without leaking these credentials into the .copier-answers.yml file of the target repo.

I.e., commands like this are not a great idea, but there exists no workaround:

copier copy https://myuser:secretpw@myrepos.com/repo.git .

Describe the solution you’d like It would be great if credentials for cloning the template could be passed during runtime to copier (i.e. through env variables, cli arguments or separate secret files). For example with a command like:

copier copy \
    --template-clone-username myuser
    --template-clone-password secretpw
    https://myrepos.com/repo.git .

These credentials should then not be saved in the target repo - but instead a future user running copier update must supply his own credentials again.

Issue Analytics

State:
Created 2 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

4reactions

defrengcommented, Nov 7, 2021

ok 😂 then this ticket is basically about allowing something similar to the SSH usecase, but when SSH is not an option.

This may happen in many cases, such as:

Git can’t be used over SSH because the port is not accessible (i.e. from a corporate network that only allows outgoing HTTP traffic via a proxy)
When using machine authentication (for example GitLab personal access tokens or group deploy tokens), those mechanisms often only provide a username/token for HTTPS authentication

2reactions

pawamoycommented, Oct 29, 2021

Or maybe Copier could detect when git is asking for credentials, and allow the user to input them. It would abort with an error if the force option (no-input option) is used.

Top Results From Across the Web

Git push a branch by https url in bash - Stack Overflow

Since it is a private repo, I have to use the https URL to incorporate the system token to authenticate the push. However,...

gitcredentials Documentation - Git

Static configuration of usernames for a given authentication context. Credential helpers to cache or store passwords, or to interact with a system password...

Issues · copier-org/copier - GitHub

Library and command-line utility for rendering projects templates. ... feat: git https credentials for template leak into final repo enhancement.

Platform One / Big Bang / Customers / template · GitLab

This will deploy the BigBang HelmRelease and patch all above GitRepositories with the https-ca-credentials secret. # Save pull credentials into Git git add...

GitHub Leak: GitHub secrets best practices - GitGuardian Blog

Exposing secrets on GitHub: What to do after leaking credentials and API ... exposed a sensitive file or secrets to a public git...