Hub: OAuth token stored on gitconfig file

Hello, right now this isn't possible. However, if you don't wish to have the token stored in ~/.config/hub, you can erase it from there, and have your shell rc file populate the GITHUB_TOKEN environment variable by pulling it dynamically from keychain. Hub will then use the token from environment variable and should not prompt for username/password nor store authentication info in ~/.config/hub.

@mislav Did you think is could be useful put, optionally, token on gitconfig file?

It's possible, but I don't want to use the gitconfig file for anything
related to hub.

Have you a specific reason for that? Tools like going store tokens on
gitconfig.

On Fri, Sep 9, 2016, 19:53 Mislav Marohnić [email protected] wrote:

It's possible, but I don't want to use the gitconfig file for anything
related to hub.

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
https://github.com/github/hub/issues/1259#issuecomment-246062636, or mute
the thread
https://github.com/notifications/unsubscribe-auth/AFvvR4N464ARfkHohVaLjl5NILgx5YIsks5qoeNNgaJpZM4J5L4I
.

Marcos H. Alano

Sent from my Android

Have you a specific reason for that?

Yes: to allow people to check their gitconfig in version control in case they back up their dotfiles. Lots of people publish their dotfiles on GitHub, and avoiding storing tokens in there reduces the risk of accidentally publishing your GitHub token.

Interesting. I always saw as standard to put the token inside gitconfig. Lots of tools do that (the tools which support tokens, of course), so I think keep this option available (but not standard) should be good.

If users have multiple accounts for work/non-work, what's the best way to have per-project tokens for hub?

@lox If you have multiple GitHub accounts, there is no elegant way. You could create a wrapper script for hub:

#!/bin/bash
set -e

# Check $PWD and set the token for this project accordingly:
export GITHUB_TOKEN="..."

exec hub "$@"

Then you can alias hub=my-hub-wrapper and have hub <command> ... invocations dynamically swap out the token based on criteria that you program into the script.

The example shown above would work really well to leverage git 2.13's conditional includes:
https://git-scm.com/docs/git-config#_conditional_includes

You could configure git to include additional config settings based on the path of the repo. Then the hub wrapper would merely need to invoke git config hub.user

I would like to argue in favor of reading the token from the repo's .gitconfig.

It is the easiest way to configure different accounts per repo.

You could slap a huge warning in the documenation to not do this and explain why. Anyone who does it anyway should be considered an adult who understands the consequences.

I don't see a reason to publish .gitconfig and anyone who wants to publish their dotfiles will have to sanitize them anyway. Hub protects me from something I'll never do at the cost of making it only usable if I write a wrapper for it.

Any chance you might reconsider?