ymatsiuk
commented
5 months ago I think I ruled this out. This is the solution:
[credential]
helper = "rbw"
username = "<username>"I added username into credentials section of git config then changed my secrets to use email for github web authentication (note: github supports both username and email)
This is what it looks like now:
❯ rbw get --full github
<snip/password>
Username: <snip/email>
URI: https://github.com
❯ rbw get --full https://github.com
<snip/token>
Username: <snip/username>These secrets don't overlap anymore.
Hopefully this saves someone else's frustration :wink:
Edit: I ended up using custom helper:
[credential]
helper = "!f() { test \"$1\" = get && while read -r line; do case $line in protocol=*) protocol=${line#*=} ;; host=*) host=${line#*=} ;; username=*) user=${line#*=} ;; esac done && test \"$protocol\" = \"https\" && test -n \"$host\" && token=$(rbw get \"$host\" \"$user\") && printf 'password=%s\n' \"$token\"; }; f"
username = "ymatsiuk"
Before https://github.com/doy/rbw/pull/132 credentials helper was fetching the entity by its name, now it seems like URI is a priority.
Context: I have two entries in my vault:
githubwhich holds my GH credentials (e.g. username and password) (URI is set to https://github.com)https://github.comcarved specifically forgit-credential-rbwwhich only contains GH token (no URI)With the recent change when I push I see the following (was not the case before):
Now
rbw get --full https://github.comis identical torbw get --full githuband displays the content ofgithubwhereas to get the value ofhttps://github.comI have to runrbw get --full github.com. And if I set theURIfor both I get thisWe either have to fix credentials helper or revert the change and give it another round of thoughts. One of the potential fixes could be checking the name first and only if the name doesn't match use the URI instead.
Thanks!
Edit: removing
URIfrom thegithubsecrets works as a workaround, but presents wrong secret in the browser extension