Vvv: Method for storing git credentials

I had problems with authentication to the https version of the repo. I finally went with the ssh protocol, where the repo is defined as repo: [email protected]/PROJECT.git

In that mode, Github uses the local stored credentials and passes them along.

Are you using Github?

We're using Beanstalk.

Related issues #1242/#1225

I would login to the VM and do a git clone and confirm what happens. The git clone command is run there Then try to form the command so that it authorizes you and the repo is cloned. If you can do this on the VM then you should be know what credential data is missing. AS @grappler mentioned, I resolved a similar issue by insuring my credentials/keys are uploaded as part of the provision process.

I made the following changes to the Vagrant file to resolve this:

  # RJM 9/20/107 provision the ssh key for github go we can get access to the gm woocommerce repo
  ssh_key = ENV['USERPROFILE'] +  "\\.ssh\\github_woocommerce_rsa"
  config.vm.provision "file", source: ssh_key, destination: "/home/vagrant/.ssh/id_rsa"

  # RJM 9/24/17 insert custom public key for ssh access
  ssh_pub_key = File.readlines("#{Dir.home}/.ssh/id_rsa.pub").first.strip
  config.vm.provision 'shell', inline: "echo #{ssh_pub_key} >> /root/.ssh/authorized_keys"
  config.vm.provision 'shell', inline: "echo #{ssh_pub_key} >> /home/vagrant/.ssh/authorized_keys", privileged: false

You would need to do something similar for Beanstalk.

The https protocol, by its nature, will require some clear text storage of credentials in order to access a private git repo. SSH on the other hand, depends on public-key encryption, and is more secure. The trick is to provision the repo public key and the host key, at provision time.

For managing SSH repo access on Beanstalk see http://guides.beanstalkapp.com/version-control/git-on-linux.html

Have you tried using the SSH method instead of the HTTP method so that key forwarding works? I'd also note that Beanstalk is a client application not a git repository host

I'm going to close this, use the SSH method and rely on key forwarding. If that doesn't work, and you definately have the right credentials, open a ticket

Using SSH doesn't work if your repository has submodules that use HTTPS.

That's still going to be a problem either way. All I can suggest is you SSH into the VM and make sure internally it's aware of those specifics, and switch any submodules where possible. Key forwarding allow for SSH.

But, lets say we added a git credential store:

• it'd be plaintext, so what's the point of not using vvv-custom.yml
• if we encrypted it, there'd be little point as anybody with a copy of VVV could decrypt it
• how would we get those credentials into git so it knows the user pass combination?

Don't forget PHP scripts have access to /vagrant and can see the entire vagrant folder

If you have a good solution that's easy to maintain, uses standard systems, and isn't a complete hack, then let us know. In the meantime, use SSH and key forwarding where possible

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.