21

From a Bash script I would like to supply a password. I have tried the following:

echo 'mypass' | git pull

git pull < 'mypass'

git pull < echo 'mypass'

None seem to work.

Improve this question
5
  • 1
    Quick question: why? Commented Jul 4, 2015 at 8:25
  • 2
    @TheGeorgeous it is for an automatic deploy script for the app tester. There is a lot more in the script than simply pulling code from the repo. Commented Jul 4, 2015 at 9:06
  • @jax, wonder if you could finally find a solution. Commented Aug 22, 2019 at 18:39
  • Can't remember how now. I think I did find a way though. Commented Sep 5, 2019 at 8:30
  • This answer contains a sample bash script that works with git's credential API. Commented Aug 6, 2021 at 17:43

4 Answers 4

Reset to default
18

  1. Create file git_password.sh with content:

    #!/bin/sh
exec echo "$GIT_PASSWORD"

  2. Assign your password to the GIT_PASSWORD environment variable

    $ GIT_PASSWORD=your_password

  3. Execute git command with GIT_ASKPASS environment variable. It will force password prompt and execute git_password.sh as callback:

    $ GIT_ASKPASS=./git_password.sh git clone $REPO
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

It is only simple solution when you need to clone repository from shell script, because you have no git environment in the current folder yet.
You can also use parameter -c "core.askPass=/path/askpass.sh".
Running the same in Python: subprocess.run(['git', 'clone', '-c', 'core.askPass='+ROOT_PATH+'\git_password.sh', 'https://username@url_to_git_repo.git'])
10

gitcredentials is the answer:

DESCRIPTION

Git will sometimes need credentials from the user in order to perform operations; for example, it may need to ask for a username and password in order to access a remote repository over HTTP. This manual describes the mechanisms Git uses to request these credentials, as well as some features to avoid inputting these credentials repeatedly.

[...]

REQUESTING CREDENTIALS

Without any credential helpers defined, Git will try the following strategies to ask the user for usernames and passwords:

  1. If the GIT_ASKPASS environment variable is set, the program specified by the variable is invoked. A suitable prompt is provided to the program on the command line, and the user’s input is read from its standard output.
  2. Otherwise, if the core.askPass configuration variable is set, its value is used as above.
  3. Otherwise, if the SSH_ASKPASS environment variable is set, its value is used as above.
  4. Otherwise, the user is prompted on the terminal.

[...]

Credential helpers, on the other hand, are external programs from which Git can request both usernames and passwords; they typically interface with secure storage provided by the OS or other programs.

You may also have third-party helpers installed; search for credential-* in the output of git help -a, and consult the documentation of individual helpers. Once you have selected a helper, you can tell Git to use it by putting its name into the credential.helper variable.

git help -a | grep credential-* shows the following helper:

  credential                remote
  credential-cache          remote-ext
  credential-cache--daemon  remote-fd
  credential-osxkeychain    remote-ftp
  credential-store          remote-ftps
Improve this answer

3 Comments

git help -a | grep credentials-* should be git help -a | grep credential-*
@Cpt.Senkfuss Thx for correction. I fixed the answer.
To set core.askPass use git config --global core.askPass "new-value". To view the config value use git config --global core.askPass (without new value). Note that instead of --global, there is also --system scope (and --local scope, but only after a repo has been cloned).
7

It is possible to include the password in the definition of your remote like so:

https://user:password@server

Like this you do not need to provide it for each pull.

(Much like the solution suggested in How do I provide a username and password when running “git clone [email protected]”?.)

Warning: A better approach would be to use SSH instead of HTTPS and store your public key with GitHub. Because credentials in the remote url might land in the command history, scripts or configuration files and can then be seen by others.

Improve this answer

2 Comments

should this be dangerous? password saved in git log?
The URL (incl. password) will be stored in plain text in .git/config as remote URL. Thus, everyone with access to the cloned repo will be able to see the password. Furthermore, this URL is likely to be sent over the network again to initiate connection with the remote. Overall, this approach is the least secure.
3

The main techniques for feeding an input to a Bash scripts are at "Automatically enter input in command line":

echo 'mypass' | git pull
# or
printf 'mypass\n' | git pull

Since Git 1.8.3, I prefer using a Git credential netrc helper which will fetch and feed the right password for me.

Since Git 2.x, a git credential helper is preferable.
The most recent one (2022) is Microsoft (but cross-platform) GCM (Git Credential Manager).

Its documentation now mentions tokens in addition of password, with Git 2.39 (Q4 2022):

See commit 54e95b4 (08 Nov 2022) by M Hickford (hickford).
(Merged by Taylor Blau -- ttaylorr -- in commit dc8be39, 14 Nov 2022)

Documentation/gitcredentials.txt: mention password alternatives

Signed-off-by: M Hickford
Signed-off-by: Taylor Blau

Git asks for a "password", but the user might use a personal access token or OAuth access token instead.

Example:

Password for 'https://[email protected]':

gitcredentials now includes in its man page:

Git will sometimes need credentials from the user in order to perform operations; for example, it may need to ask for a username and password in order to access a remote repository over HTTP.

Some remotes accept a personal access token or OAuth access token as a password.

This manual describes the mechanisms Git uses to request these credentials, as well as some features to avoid inputting these credentials repeatedly.

Note that with Git 2.39 (Q4 2022), credentials can be also generated, not just cached.

See commit dabb9d8 (12 Nov 2022) by M Hickford (hickford).
(Merged by Junio C Hamano -- gitster -- in commit c197977, 23 Nov 2022)

Docs: describe how a credential-generating helper works

Signed-off-by: M Hickford
Signed-off-by: Taylor Blau

Previously the docs only described storage helpers.

A concrete example: Git Credential Manager can generate credentials for GitHub and GitLab via OAuth.
https://github.com/GitCredentialManager/git-credential-manager

gitcredentials now includes in its man page:

storage provided by the OS or other programs. Alternatively, a credential-generating helper might generate credentials for certain servers via some API.

gitcredentials now includes in its man page:

If it does not support the requested operation (e.g., a read-only store or generator), it should silently ignore the request.

Improve this answer

8 Comments

I think think the \n may be what I was missing. The password may have entered but the enter key was never pressed, thus is never executed. I will need to try this on Monday.
Using printf 'mypass\n' | git pull didn't work after all.
@jax What OS, bash and git version are you using?
Fedora 20 with default bash
Not sure what git version but probably the latest available from the repo
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.