I'm cloning a git repository in a script like this
git clone https://user:email@example.com/name/.git
This works, but my username and my password! are now stored in the origin url in
How can i prevent this in a script so that no manual password is input?
The method that I use is to actually use a
git pull instead of a clone. What would the script look like
mkdir repo cd repo git init git config user.email "email" git config user.name "user" git pull https://user:firstname.lastname@example.org/name/repo.git master
This will not store your username or password in
.git/config . However, unless other steps are taken, the plaintext username and password will be visible while the process is running from commands that show current processes (e.g.
As brought up in the comments, since this method is using HTTPS you must URL-encode any special characters that may appear in your password as well.
One more suggestion i would make if you can't use ssh is to actually use an oauth token instead of plaintext usernamepassword as this is slightly more secure You can generate an OAuth token from your profile settings: https://github.com/settings/tokens .
Then using that token the pull command would be
git pull https://$OAUTH_TOKEN:email@example.com/name/repo.git master