One Small Step For GitHub Security Requires One Giant Leap For Casual Git Users
“using a password to Git is deprecated”
Distant Early Warning
By now you have probably received an email similar to this and disregarded it as August 13, 2021 was quite far away. Now being April I felt that I had sufficiently procrastinated and it was time for a spring cleaning.
Hi @my_username,
You recently used a password to access the repository at MyTeam/ProjectRepo with git using git/2.25.1.
Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.
Thanks,
The GitHub Team
Thus began my quest to fix this warning before being locked out in August….
To keep this short I will not talk about the travails chronologizing how I uncovered this fix. Instead I will simply elaborate upon the order that I used the referenced documents.
Where Is My Password Information Being Kept?
I set up git and my GitHub years ago and forgot how I did it. Googling “git config” gave me the command git config --list
which helped me establish that I did use macOS Keychain.
$ git config --list
credential.helper=osxkeychain
[etc ...]
Next I removed the github entry as described here in this document.
https://docs.github.com/en/github/getting-started-with-github/updating-credentials-from-the-macos-keychain#deleting-your-credentials-via-the-command-line
$ git credential-osxkeychain erase
host=github.com
protocol=https
[Press Return again leaving a blank line]
The command git push
will now ask for Username and Password demonstrating that the password is cleared out.
Great, Now How Do I Git Back In?
I used a tip from airtower-luna:
“The smallest change from using your password would be to create a personal access token (PAT) with the repo scope and use that instead of your password when pushing. Using a password manager to keep the token is a good idea.”
[Reference: https://github.community/t/account-access-password-deprivation-keys-clueless/152106/2]
And I followed the instructions contained below to create a personal access token, checking the box for the scope “repo” at step 7. Immediately I saved a copy of the token. (Copy-paste.) I tested my token using git push
and passed the token for the password.
https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token
How Do I Stash That Token?
Lol. The token is already saved. The token was stored for future use automatically when I tested git push
and passed the token. So executing git push
again gave no password request.
$ git push
Username for 'https://github.com': my_username
Password for 'https://my_username@github.com':
Everything up-to-date
$ git push
Everything up-to-date
$
More About The Requirements
For more about the requirements from GitHub you can refer to the GitHub Blog. https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Now, back to work.
Top comments (0)