Skip to content

github-clone GitHub accessλ︎

github-clone is Deprecated

Space g c now calls magit-clone which is a far more secure approach than previously provided by github-clone.

github-clone was removed as part of the deprecation of the github layer. Only the git layer is now recommended.

The content below is kept for posterity and will be moved to the reference section.

Space g c can clone a remote repository from GitHub / GitLab.

Using an SSH URL and an SSH key, then no further configuration is required.

Using an HTTPS URL required the configuration of a developer token.

Use Magit as a GitHub Client

Magit and Magit Forge provides the majority of github-clojure features, except for searching GitHub for a repository. Magit Forge can use an .authinfo.gpg which provides a high degree of security.

GitHub CLIλ︎

GitHub CLI will generate a developer token each time the auth login command is issued

git auth login

Configure developer tokenλ︎

Developer tokens should have limited life-span

Saving a developer token to the file space, especially in a file that could be included in version control and pushed to a remote server is a security issue.

Using GitHub CLI can minimise the risk by recycling the tokens. Or create tokens with a very short life-span via the GitHub / GitLab website.

The github-clone package in the Spacemacs GitHub layer requires a personal access token in ~/.gitconfig to access GitHub. As ~/.gitconfig is plain text, adding a token is a potential security risk.

If an access token is shared, it should be immediately deleted from your GitHub account. Personal access tokens do not provide access to a users GitHub account, so are less of a risk than using a password.

Add your GitHub account name to the Git configuration

git config --global github.user practicalli

Add the personal access token to Git configuration (using your own token)

git config --global github.oauth-token ****************************************

Move token to config-privateλ︎

To help mistakenly committing the token to a shared repository, move the [github] section from the Git Configuration file to a file called config-private

~/.config/git/config-private
  [github]
    user = <your-github-username>
    # oauth-token = ***************************

Add an [include] section in the Git configuration file to include the details from the .gitconfig-private

~/.config/git/config
  [include]
    path = ~/.gitconfig-private

The Git configuration file can then safely be committed to a shared Git repository without exposing the access token.

Last update: September 14, 2023