I'm cloning a git repository in a script like this

git clone https://user:password@host.com/name/.git

This works, but my username and my password! are now stored in the origin url in .git/config .

How can i prevent this in a script so that no manual password is input?

Best Answer

The method that I use is to actually use a git pull instead of a clone. What would the script look like

mkdir repo
cd repo
git init
git config user.email "email"
git config user.name "user"
git pull https://user:password@github.com/name/repo.git master

This will not store your username or password in .git/config . However, unless other steps are taken, the plaintext username and password will be visible while the process is running from commands that show current processes (e.g. ps ).

As brought up in the comments, since this method is using HTTPS you must URL-encode any special characters that may appear in your password as well.

One more suggestion i would make if you can't use ssh is to actually use an oauth token instead of plaintext usernamepassword as this is slightly more secure You can generate an OAuth token from your profile settings: https://github.com/settings/tokens .

Then using that token the pull command would be

git pull https://$OAUTH_TOKEN:x-oauth-basic@github.com/name/repo.git master