git-credential-rbw is broken in 1.10.0
ymatsiuk opened this issue · comments
Before #132 credentials helper was fetching the entity by its name, now it seems like URI is a priority.
Context:
I have two entries in my vault:
github
which holds my GH credentials (e.g. username and password) (URI is set to https://github.com)https://github.com
carved specifically forgit-credential-rbw
which only contains GH token (no URI)
With the recent change when I push I see the following (was not the case before):
remote: Support for password authentication was removed on August 13, 2021.
remote: Please see https://docs.github.com/get-started/getting-started-with-git/about-remote-repositories#cloning-with-https-urls for information on currently recommended modes of authentication.
Now rbw get --full https://github.com
is identical to rbw get --full github
and displays the content of github
whereas to get the value of https://github.com
I have to run rbw get --full github.com
. And if I set the URI
for both I get this
❯ rbw get --full https://github.com
rbw get: couldn't find entry for 'https://github.com/': multiple entries found: <snip>@github, <snip>@https://github.com
❯ rbw list | grep github
github
https://github.com
We either have to fix credentials helper or revert the change and give it another round of thoughts.
One of the potential fixes could be checking the name first and only if the name doesn't match use the URI instead.
Thanks!
Edit: removing URI
from the github
secrets works as a workaround, but presents wrong secret in the browser extension
I think I ruled this out. This is the solution:
[credential]
helper = "rbw"
username = "<username>"
I added username
into credentials
section of git config then changed my secrets to use email for github web authentication (note: github supports both username and email)
This is what it looks like now:
❯ rbw get --full github
<snip/password>
Username: <snip/email>
URI: https://github.com
❯ rbw get --full https://github.com
<snip/token>
Username: <snip/username>
These secrets don't overlap anymore.
Hopefully this saves someone else's frustration 😉
Edit: I ended up using custom helper:
[credential]
helper = "!f() { test \"$1\" = get && while read -r line; do case $line in protocol=*) protocol=${line#*=} ;; host=*) host=${line#*=} ;; username=*) user=${line#*=} ;; esac done && test \"$protocol\" = \"https\" && test -n \"$host\" && token=$(rbw get \"$host\" \"$user\") && printf 'password=%s\n' \"$token\"; }; f"
username = "ymatsiuk"