Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

git-credential-rbw is broken in 1.10.0 #167

Closed
ymatsiuk opened this issue Apr 26, 2024 · 1 comment
Closed

git-credential-rbw is broken in 1.10.0 #167

ymatsiuk opened this issue Apr 26, 2024 · 1 comment

Comments

@ymatsiuk
Copy link

ymatsiuk commented Apr 26, 2024
edited
Loading

Before #132 credentials helper was fetching the entity by its name, now it seems like URI is a priority.

Context:
I have two entries in my vault:

  • github which holds my GH credentials (e.g. username and password) (URI is set to https://github.com)
  • https://github.com carved specifically for git-credential-rbw which only contains GH token (no URI)

With the recent change when I push I see the following (was not the case before):

remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.

Now rbw get --full https://github.com is identical to rbw get --full github and displays the content of github whereas to get the value of https://github.com I have to run rbw get --full github.com. And if I set the URI for both I get this

❯ rbw get --full https://github.com
rbw get: couldn't find entry for 'https://github.com/': multiple entries found: <snip>@github, <snip>@https://github.com
❯ rbw list | grep github
github
https://github.com

We either have to fix credentials helper or revert the change and give it another round of thoughts.
One of the potential fixes could be checking the name first and only if the name doesn't match use the URI instead.

Thanks!

Edit: removing URI from the github secrets works as a workaround, but presents wrong secret in the browser extension
@ymatsiuk
Copy link
Author

ymatsiuk commented May 2, 2024
edited
Loading

I think I ruled this out. This is the solution:

[credential]
	helper = "rbw"
	username = "<username>"

I added username into credentials section of git config then changed my secrets to use email for github web authentication (note: github supports both username and email)

This is what it looks like now:

❯ rbw get --full github
<snip/password>
Username: <snip/email>
URI: https://github.com
❯ rbw get --full https://github.com
<snip/token>
Username: <snip/username>

These secrets don't overlap anymore.

Hopefully this saves someone else's frustration 😉

Edit: I ended up using custom helper:

[credential]
	helper = "!f() { test \"$1\" = get && while read -r line; do case $line in protocol=*) protocol=${line#*=} ;; host=*) host=${line#*=} ;; username=*) user=${line#*=} ;; esac done && test \"$protocol\" = \"https\" && test -n \"$host\" && token=$(rbw get \"$host\" \"$user\") && printf 'password=%s\n' \"$token\"; }; f"
	username = "ymatsiuk"

@ymatsiuk ymatsiuk closed this as completed May 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ymatsiuk