Skip to content

GitHub access for github-cloneλ︎

Space g c can clone a remote repository from GitHub / GitLab.

Using an SSH URL and an SSH key, then no further configuration is required.

Using an HTTPS URL required the configuration of a developer token.

Use Magit as a GitHub Client

Magit and Magit Forge provides the majority of github-clojure features, except for searching GitHub for a repository. Magit Forge can use an .authinfo.gpg which provides a high degree of security.

GitHub CLIλ︎

GitHub CLI will generate a developer token each time the auth login command is issued

git auth login

Configure developer tokenλ︎

Developer tokens should have limited life-span

Saving a developer token to the file space, especially in a file that could be included in version control and pushed to a remote server is a security issue.

Using GitHub CLI can minimise the risk by recycling the tokens. Or create tokens with a very short life-span via the GitHub / GitLab website.

The github-clone package in the Spacemacs GitHub layer requires a personal access token in ~/.gitconfig to access GitHub. As ~/.gitconfig is plain text, adding a token is a potential security risk.

If an access token is shared, it should be immediately deleted from your GitHub account. Personal access tokens do not provide access to a users GitHub account, so are less of a risk than using a password.

Add your GitHub account name to the Git configuration

git config --global github.user practicalli

Add the personal access token to Git configuration (using your own token)

git config --global github.oauth-token 5aa705bda08803e0ed59c39e0a4101c0fea0ec3b

The ~/.gitconfig file will be updated and should look similar to this example

Git configuration - user name and email with GitHub user name and oauth token

Move configuration to a .github-private fileλ︎

To help mistakenly committing the token to a shared repository, move the [github] section from .gitconfig to a file called .gitconfig-private

  [github]
    user = <your-github-username>
    oauth-token = <01personal02access03token>

Add an [include] section in the .gitconfig fot to include the details from the .gitconfig-private

  [include]
    path = ~/.gitconfig-private

The .gitconfig file can then safely be committed to a shared Git repository without exposing the access token.


Last update: December 26, 2022