execute git pull with username and password

Question

Is there way to put username and password in the command with git pull, to avoid password message. for example

git pull -u ahmeditman -p 123456  #this example to explain .

It is okay to use

git pull http://ahmeditmna:[email protected]

But it will pull from Master Branch, but if i need to pull from dev Branch ?

Possible duplicate of [Username and password in command for git push](https://stackoverflow.com/questions/29776439/username-and-password-in-command-for-git-push) — Lorenzo Addazi, Oct 30 '18 at 12:42
Is there some reason you want to use HTTPS instead of SSH? An SSH key may solve your problem neatly. — ChrisGPT was on strike, Oct 30 '18 at 12:57
@AhmedMItman, switch to your local `dev` branch and pull. It should work. — Lorenzo Addazi, Oct 31 '18 at 09:44

score 7 · Accepted Answer · answered Oct 30 '18 at 13:31

It is okay to use

git pull http://ahmeditmna:[email protected]

I think you mean git clone http://ahmeditmna:[email protected]

Technically speaking, yes. http://username:password@domain/path is a valid URL part of HTTP(S) protocol.

But is that safe or should you do it? No.

Well first, it's better to use HTTPS, if you are pushing / pulling from a public repository it won't be a problem since data is already public, but if it's a private repository your data could be read by an attacker.

But the more important part is anyone having access to the copy of your repository would be able to read your credentials. Just try it (I took the first Python related repository for this example..):

cd /tmp/
git clone 'https://username:[email protected]/mshibly/python-examples-from-intro-to-python-course.git'
cd python-examples-from-intro-to-python-course/
git remote -v

git remote -v list repository's remotes URL, let's see:

origin   https://username:[email protected]/mshibly/python-examples-from-intro-to-python-course.git (fetch)
origin   https://username:[email protected]/mshibly/python-examples-from-intro-to-python-course.git (push)

As you can see, your credentials are here, waiting to be read.

And that's even worst if you use this on a server since depending on your general configuration you can find your credentials in logs. Not speaking about the fact you may end by scripting this and have your credentials into a script you may commit and / or store on someone's else server.

The point here is there are not good reasons to do this, but there a plenty of good reasons to not.

No, it's not ok to do this. I advise you to spend some hours learning how SSH works and configuring your OS.

score 5 · Answer 2 · answered Jul 01 '20 at 12:04

5

If you override the remote origin URL (git config remote.origin.url) to http://ahmeditmna:[email protected], like:

git remote set-url origin http://ahmeditmna:[email protected]

Pull will work without prompting for password on any kind of branch.

answered Jul 01 '20 at 12:04

Bence Kaulics

7,066
7
33
63

execute git pull with username and password

2 Answers2