Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

feat: git https credentials for template leak into final repo

See original GitHub issue

Is your feature request related to a problem? Please describe. Currently, copier does not support Git HTTPS template URLs with included credentials. At least not without leaking these credentials into the .copier-answers.yml file of the target repo.

I.e., commands like this are not a great idea, but there exists no workaround:

copier copy .

Describe the solution you’d like It would be great if credentials for cloning the template could be passed during runtime to copier (i.e. through env variables, cli arguments or separate secret files). For example with a command like:

copier copy \
    --template-clone-username myuser
    --template-clone-password secretpw .

These credentials should then not be saved in the target repo - but instead a future user running copier update must supply his own credentials again.

Issue Analytics

  • State:open
  • Created 2 years ago
  • Comments:5 (5 by maintainers)

github_iconTop GitHub Comments

defrengcommented, Nov 7, 2021

ok 😂 then this ticket is basically about allowing something similar to the SSH usecase, but when SSH is not an option.

This may happen in many cases, such as:

  • Git can’t be used over SSH because the port is not accessible (i.e. from a corporate network that only allows outgoing HTTP traffic via a proxy)
  • When using machine authentication (for example GitLab personal access tokens or group deploy tokens), those mechanisms often only provide a username/token for HTTPS authentication
pawamoycommented, Oct 29, 2021

Or maybe Copier could detect when git is asking for credentials, and allow the user to input them. It would abort with an error if the force option (no-input option) is used.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Git push a branch by https url in bash - Stack Overflow
Since it is a private repo, I have to use the https URL to incorporate the system token to authenticate the push. However,...
Read more >
gitcredentials Documentation - Git
Static configuration of usernames for a given authentication context. Credential helpers to cache or store passwords, or to interact with a system password...
Read more >
Issues · copier-org/copier - GitHub
Library and command-line utility for rendering projects templates. ... feat: git https credentials for template leak into final repo enhancement.
Read more >
Platform One / Big Bang / Customers / template · GitLab
This will deploy the BigBang HelmRelease and patch all above GitRepositories with the https-ca-credentials secret. # Save pull credentials into Git git add...
Read more >
GitHub Leak: GitHub secrets best practices - GitGuardian Blog
Exposing secrets on GitHub: What to do after leaking credentials and API ... exposed a sensitive file or secrets to a public git...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found