Closed ymatsiuk closed 5 months ago
I think I ruled this out. This is the solution:
[credential]
helper = "rbw"
username = "<username>"
I added username
into credentials
section of git config then changed my secrets to use email for github web authentication (note: github supports both username and email)
This is what it looks like now:
❯ rbw get --full github
<snip/password>
Username: <snip/email>
URI: https://github.com
❯ rbw get --full https://github.com
<snip/token>
Username: <snip/username>
These secrets don't overlap anymore.
Hopefully this saves someone else's frustration :wink:
Edit: I ended up using custom helper:
[credential]
helper = "!f() { test \"$1\" = get && while read -r line; do case $line in protocol=*) protocol=${line#*=} ;; host=*) host=${line#*=} ;; username=*) user=${line#*=} ;; esac done && test \"$protocol\" = \"https\" && test -n \"$host\" && token=$(rbw get \"$host\" \"$user\") && printf 'password=%s\n' \"$token\"; }; f"
username = "ymatsiuk"
Before https://github.com/doy/rbw/pull/132 credentials helper was fetching the entity by its name, now it seems like URI is a priority.
Context: I have two entries in my vault:
github
which holds my GH credentials (e.g. username and password) (URI is set to https://github.com)https://github.com
carved specifically forgit-credential-rbw
which only contains GH token (no URI)With the recent change when I push I see the following (was not the case before):
Now
rbw get --full https://github.com
is identical torbw get --full github
and displays the content ofgithub
whereas to get the value ofhttps://github.com
I have to runrbw get --full github.com
. And if I set theURI
for both I get thisWe either have to fix credentials helper or revert the change and give it another round of thoughts. One of the potential fixes could be checking the name first and only if the name doesn't match use the URI instead.
Thanks!
Edit: removing
URI
from thegithub
secrets works as a workaround, but presents wrong secret in the browser extension