GitHub goes passwordless, announces passkeys beta preview - eviltoast
  • f(loat || loathe)@burggit.moe
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    1 year ago

    I just got a repo token and do git add remote origin https://REPO_TOKEN@github.com/username/repo.git and say bye-bye to usernames and passwords. Easiest pushes and pulls ever with private, public or org repos.

    • dbx12@programming.dev
      link
      fedilink
      arrow-up
      13
      ·
      edit-2
      1 year ago

      But now you have the only credential, the REPO_TOKEN in plaintext in your .git/config file. That’s even worse.

      Edit: typo

      • MostlyHarmless@programming.dev
        link
        fedilink
        arrow-up
        5
        arrow-down
        2
        ·
        1 year ago

        That’s how a lot of tools work. Your maven password is in .m2/settings.xml

        Your ssh private key is in .ssh/id_rsa

        The only person with access to these files should be you. If anyone else does then your machine is compromised

        • HairHeel@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          we’re talking about a hypothetical one-off situation on a computer that isn’t yours though; right? That happens from time to time, and an authentication process that requires you to persist your auth information on disk carries some extra risks. You need to remember to delete it when you’re done.