6

My Mercurial server requires https authentication for pulls. How can I cache my authentication information on the client without exposing a plain-text password on disk?

I'm looking for something like using sudo with mercurial and ssh authentication but for HTTPS.

Community
  • 1
  • 1
Gili
  • 86,244
  • 97
  • 390
  • 689

2 Answers2

6

have you explored Mercurial keyring?

It supports HTTPS and comes bundled with the latest version of TortoiseHg. If you don't have TortoiseHg, you can install it like any other extension as well (although I recommend TortoiseHg if you're a Windows user).

Vadim Kotov
  • 8,084
  • 8
  • 48
  • 62
dls
  • 4,146
  • 2
  • 24
  • 26
  • This doesn't seem to work well under Windows. The code uses pwd and other unix-specific commands. Apparently there is a cross-platform way of doing this with client-side certificates. Any ideas? – Gili Oct 01 '10 at 07:30
  • 1
    The TortoiseHg version of Hg and keyring should be fine on Windows. Here's what the keyring docs say: "If you are on Windows, we recommend you use TortoiseHg. THG ships with Windows specific keyring backends, without which the mercurial-keyring extension cannot function properly on Windows. The mercurial-keyring extension itself is shipped with TortoiseHg since version 0.10." – dls Oct 01 '10 at 13:22
  • 2
    Once you've installed TortoiseHg you need to enable the mercurial_keyring extension: right-click on any folder in explorer > TortoiseHg > Global Settings > click on Extensions > tick mercurial_keyring > click OK. Now you'll be prompted the first time for your password but not for subsequent operations. (Why they don't turn this on by default or make it more widely known seems daft to me!) – Rory Jan 16 '11 at 01:32
-2

You can put an [auth] section in your ~.hgrc:

[auth]
foo.prefix = hg.intevation.org/mercurial
foo.username = foo
foo.password = bar
foo.schemes = http https

Or you can always use a URL with authentication info in it, which is as valid in mercurial as it is in your web browser's URL bar:

http://user:pass@host.com/path/to/repo/

which you'd put in your repo's .hg/hgrc file's [path] section.

Ry4an Brase
  • 78,112
  • 7
  • 148
  • 169
  • 3
    The question explicitly states I don't want to expose a plain-text password on disk. Try again :) – Gili Sep 29 '10 at 19:57