DEV Community

loading...
Cover image for “[GitHub] Deprecation Notice” for Password to Git Resolved

“[GitHub] Deprecation Notice” for Password to Git Resolved

mtsafe profile image Albir Tarsha ・2 min read

One Small Step For GitHub Security Requires One Giant Leap For Casual Git Users

“using a password to Git is deprecated”

Distant Early Warning

By now you have probably received an email similar to this and disregarded it as August 13, 2021 was quite far away. Now being April I felt that I had sufficiently procrastinated and it was time for a spring cleaning.

Hi @my_username,

You recently used a password to access the repository at MyTeam/ProjectRepo with git using git/2.25.1.

Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.

Thanks,
The GitHub Team

Thus began my quest to fix this warning before being locked out in August….

To keep this short I will not talk about the travails chronologizing how I uncovered this fix. Instead I will simply elaborate upon the order that I used the referenced documents.

Where Is My Password Information Being Kept?

I set up git and my GitHub years ago and forgot how I did it. Googling “git config” gave me the command git config --list which helped me establish that I did use macOS Keychain.

$ git config --list
credential.helper=osxkeychain
[etc ...]
Enter fullscreen mode Exit fullscreen mode

Next I removed the github entry as described here in this document.
https://docs.github.com/en/github/getting-started-with-github/updating-credentials-from-the-macos-keychain#deleting-your-credentials-via-the-command-line

$ git credential-osxkeychain erase
host=github.com
protocol=https
[Press Return again leaving a blank line]
Enter fullscreen mode Exit fullscreen mode

The command git push will now ask for Username and Password demonstrating that the password is cleared out.

Great, Now How Do I Git Back In?

I used a tip from airtower-luna:

“The smallest change from using your password would be to create a personal access token (PAT) with the repo scope and use that instead of your password when pushing. Using a password manager to keep the token is a good idea.”
[Reference: https://github.community/t/account-access-password-deprivation-keys-clueless/152106/2]

And I followed the instructions contained below to create a personal access token, checking the box for the scope “repo” at step 7. Immediately I saved a copy of the token. (Copy-paste.) I tested my token using git push and passed the token for the password.
https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token

How Do I Stash That Token?

Lol. The token is already saved. The token was stored for future use automatically when I tested git push and passed the token. So executing git push again gave no password request.

$ git push
Username for 'https://github.com': my_username
Password for 'https://my_username@github.com': 
Everything up-to-date
$ git push
Everything up-to-date
$ 
Enter fullscreen mode Exit fullscreen mode

More About The Requirements

For more about the requirements from GitHub you can refer to the GitHub Blog. https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/

Now, back to work.

Discussion (0)

Forem Open with the Forem app