How do I provide a username and password when running “git clone git@remote.git”?

Question

I know how to provide a username and password to an HTTPS request like this:

git clone https://username:password@remote

But I\'d like to kn

Answer 1

In the comments of @Bassetassen's answer, @plosco mentioned that you can use git clone https://@github.com/username/repository.git to clone from GitHub at the very least. I thought I would expand on how to do that, in case anyone comes across this answer like I did while trying to automate some cloning.

GitHub has a very handy guide on how to do this, but it doesn't cover what to do if you want to include it all in one line for automation purposes. It warns that adding the token to the clone URL will store it in plaintext in .git/config. This is obviously a security risk for almost every use case, but since I plan on deleting the repo and revoking the token when I'm done, I don't care.

1. Create a Token

GitHub has a whole guide here on how to get a token, but here's the TL;DR.

1. Go to Settings > Developer Settings > Personal Access Tokens (here's a direct link)
2. Click "Generate a New Token" and enter your password again. (here's another direct link)
3. Set a description/name for it, check the "repo" permission and hit the "Generate token" button at the bottom of the page.
4. Copy your new token before you leave the page

2. Clone the Repo

Same as the command @plosco gave, git clone https://@github.com//.git, just replace , and with whatever your info is.

If you want to clone it to a specific folder, just insert the folder address at the end like so: git clone https://@github.com// , where is, you guessed it, the folder to clone it to! You can of course use ., .., ~, etc. here like you can elsewhere.

3. Leave No Trace

Not all of this may be necessary, depending on how sensitive what you're doing is.

• You probably don't want to leave that token hanging around if you have no intentions of using it for some time, so go back to the tokens page and hit the delete button next to it.
• If you don't need the repo again, delete it rm -rf .
• If do need the repo again, but don't need to automate it again, you can remove the remote by doing git remote remove origin or just remove the token by running git remote set-url origin https://github.com//.
• Clear your bash history to make sure the token doesn't stay logged there. There are many ways to do this, see this question and this question. However, it may be easier to just prepend all the above commands with a space in order to prevent them being stored to begin with.

Note that I'm no pro, so the above may not be secure in the sense that no trace would be left for any sort of forensic work.