Table of Contents
When you’re working as a software engineer on a proprietary product, it is not unlikely that you want or have to use a private Git repository.
Pulling stuff from a private repo directly to your local machine has become fairly trivial. All you need to do is generate an ssh key-pair, save the public key with your Git provider and add the private key to your ssh-agent.
Now, here’s where things get hairy. You’d think that DevPod could use that same ssh key to pull from that same private repo. But when you try to start up a workspace from a private git repository, you might bump into an error like this:
So, what’s the secret sauce to get DevPod in on the private repo action?
One option could be giving DevPod an access token. Although we could keep our username and token in the .gitconfig, that’s a potential leak waiting to happen. Since it is stored in plaintext, it could easily be read and stolen by a rogue npm package for example.
Lucky for us, some brainy folks out there introduced the gitcredentials helper to help solve this problem. We recommend using the git credential manager so you don’t have to write your own implementation.
Once authenticated successfully, your credentials are stored in your system, e.g. on the MacOS keychain or in the Windows credential manager and will be used every time you interact with the repository (i.e git clone, pull, push etc) via an HTTPS URL.
To summarize, the git credentials manager uses a system-specific secure way to store credentials and only sends them over secure HTTPS connections.
After installation, Git will use the manager implicitly to look up the needed credentials.
Now, let’s dive into the setup and connect DevPod to our private repos.
#GitHub repositories
-
Install git credential manager
-
When you try to create a workspace with a private repo, you will get this popup
-
Click “Sign in with your browser” and you will be prompted to authorize Git Credential Manager in a new browser tab
Make sure all settings are as you want them then hit authorize
-
Success!
#GitLab repositories
The flow for Gitlab is very similar to this.
- If you haven’t already, install the git credential manager
- After you create a workspace from a private GitLab repo, a popup opens giving you the option to sign in through your browser.
- Click on “Sign in with you browser” and you will be prompted to authorize Git Credentials Manager in a new browser window
- Hit Authorize and wait for the success notification to come through
In a nutshell, armed with the Git credential manager, your DevPod can now gracefully access private repositories, keeping your credentials snug and secure, while you confidently navigate the world of software development with peace of mind.
If you have further questions or comments, make sure to join our community Slack on slack.loft.sh, where you can chat to users and maintainers.
