Git credential helper using GitHub App authentication to provide Github tokens as credentials to Git.
The helper will cache the credentials and only request a new token when the previous one expired.
Create a Github App and install it on the repository or account/organization.
The app needs to have at least read permission for the "Contents" of the repository.
You must also generate a private key for the app in order to make API requests.
-
Make sure the helper binary
git-credential-github-app-authis in your path. The authentication agent listens on a local Unix socket and can be started with the following command:git-credential-github-app-auth \ /run/user/1000/github-app-auth \ agent \ --app-id 1234 \ --key-path /path/to/app/private-key.pemFor Github Enterprise installations the
--github-urlmust be supplied and shoud be in the form ofhttps://<ghe-hostname>/api/v3. -
Configure the Git credential helper in
~/.gitconfig:[credential "https://github.com"] helper = "github-app-auth /run/user/1000/github-app-auth client" useHttpPath = true
To test that the authentication helper works, you can either clone a repo that
has the configured Github app installed or run git credential fill directly and provide e.g. the
following input (note the extra newline at the end; see also expected
format):
protocol=https
host=github.com
path=westphahl/git-credential-github-app-auth.git