GitHub access for github-clone
Space g c can clone a remote repository from GitHub / GitLab.
When using an SSH URL and an SSH key, no further configuration is required.
Using an HTTPS URL requires the configuration of a developer token.
Use Magit as a GitHub Client
Magit and Magit Forge provide the majority of github-clone features, except for searching GitHub for a repository. Magit Forge can use an .authinfo.gpg file, which provides a high degree of security.
GitHub CLI
GitHub CLI will generate a developer token each time the auth login command is issued.
Configure developer token
Developer tokens should have a limited life-span.
Saving a developer token to the file space, especially in a file that could be included in version control and pushed to a remote server, is a security issue.
Using GitHub CLI can minimise the risk by recycling the tokens. Alternatively, create tokens with a very short life-span via the GitHub / GitLab website.
The github-clone package in the Spacemacs GitHub layer requires a personal access token in ~/.gitconfig to access GitHub. As ~/.gitconfig is plain text, adding a token is a potential security risk.
If an access token is shared, it should be immediately deleted from your GitHub account. Personal access tokens do not provide access to a user's GitHub account, so are less of a risk than using a password.
Add your GitHub account name to the Git configuration
Add the personal access token to Git configuration (using your own token)
The ~/.gitconfig file will be updated and should look similar to this example
Move configuration to a .gitconfig-private file
To help avoid mistakenly committing the token to a shared repository, move the [github] section from .gitconfig to a file called .gitconfig-private
Add an [include] section to the .gitconfig file to include the details from the .gitconfig-private file
The .gitconfig file can then safely be committed to a shared Git repository without exposing the access token.
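The move described above, as an added shell example that is not part of the original page: it relocates the [github] section into .gitconfig-private with owner-only permissions, adds the include, and checks that Git still resolves the token while the shareable file no longer contains it. The key names github.user and github.oauth-token are assumptions, and the temporary directory and all values are constructed placeholders.

```shell
#!/bin/sh
# Added example. The key names github.user and github.oauth-token are assumed,
# and every value below is a constructed placeholder, not a real credential.

# Move the [github] section of $1/.gitconfig into $1/.gitconfig-private.
split_github_config() {
    main="$1/.gitconfig"
    private="$1/.gitconfig-private"
    user=$(git config --file "$main" --get github.user) || return 1
    token=$(git config --file "$main" --get github.oauth-token) || return 1

    # Create the private file owner-only before the secret is written to it.
    ( umask 077 && touch "$private" ) || return 1
    chmod 600 "$private" || return 1
    git config --file "$private" github.user "$user" || return 1
    git config --file "$private" github.oauth-token "$token" || return 1

    # Drop the section from the shareable file and pull it back in by include.
    # A relative include path is resolved against the including file.
    git config --file "$main" --remove-section github || return 1
    git config --file "$main" include.path .gitconfig-private
}

# Succeeds only when the shareable file itself holds no token line.
main_is_clean() {
    ! grep -qi 'oauth-token' "$1/.gitconfig"
}

# Print the token as Git resolves it when includes are followed.
effective_token() {
    git config --file "$1/.gitconfig" --includes --get github.oauth-token
}

# Demo in a throwaway directory, so the real ~/.gitconfig is never touched.
demo_dir=$(mktemp -d)
git config --file "$demo_dir/.gitconfig" user.name "Example User"
git config --file "$demo_dir/.gitconfig" github.user example-user
git config --file "$demo_dir/.gitconfig" github.oauth-token PLACEHOLDER_TOKEN
split_github_config "$demo_dir"
main_is_clean "$demo_dir" && echo "shareable file: no token"
echo "private file mode: $(ls -l "$demo_dir/.gitconfig-private" | cut -c1-10)"
echo "git still resolves: $(effective_token "$demo_dir")"
rm -rf "$demo_dir"
```

If the directory holding .gitconfig is itself a Git repository, .gitconfig-private also needs an ignore entry, otherwise it is committed alongside .gitconfig.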