How to use git commands after enable gitlab's second-factor authentication
GitAuthenticationGitlabGit Problem Overview
Today I've enabled Gitlab's 2nd-factor authentication. After that, since I logged in the Gitlab website, I need to use my cell phone to pass a 6-digits plus my password, that's good, it makes me feel safe.
However, when I use the general operations, for example git clone some-repo.git, I got the error:
Cloning into 'some-repo'...
remote: HTTP Basic: Access denied
remote: You must use a personal access token with 'api' scope for Git over HTTP.
remote: You can generate one at https://gitlab.com/profile/personal_access_tokens
fatal: Authentication failed for 'some-repo.git'
Then I try existing cloned local repo, using git pull, the same error occurs. Before I enabled the 2nd-factor authentication, all the above operation worked fine.
Flowing the above error's instructions, I went to the mentioned address: https://gitlab.com/profile/personal_access_tokens. I created the following token, and save the token's key.
However, I don't know what to do with this key. Can someone tell me how to use this key to enable the basic operations like git pull, git clone, git push etc...
Edit
I had many repos on local before I enabled the 2nd-factor authentication. I want these to work too.
Git Solutions
Solution 1 - Git
As explained in https://stackoverflow.com/questions/25409700/using-gitlab-token-to-clone-without-authentication, you can clone a GitLab repo using your Personal Access Token like this:
git clone https://oauth2:[email protected]/yourself/yourproject.git
As for how to update your existing clones to use the GitLab Personal Access Token, you should edit your .git/config file in each local git directory, which will have an entry something like this:
[remote "origin"]
url = https://[email protected]/yourself/yourproject.git
Change the url:
[remote "origin"]
url = https://oauth2:[email protected]/yourself/yourproject.git
Now you can continue using this existing git clone as you did before you enabled 2FA.
Solution 2 - Git
I used the generated Personal Access Token as the password when prompted to enter credentials.
This allowed me to just use the standard Git Clone syntax without entering anything additional.
When you generate, copy the token. This is the password that will be stored in Credential Manager when you clone. Use that as your password instead of your git password.
Solution 3 - Git
Visit the below link and enter your Name and Expiry Date.
Then click on the different checkboxes like read_user, read_repository, write_repository, etc for access scopes and create a new Personal Access Token and store it in a secured location
https://gitlab.com/profile/personal_access_tokens
Now when you do a git pull, git clone, git push, etc you can enter your username/email as the Username and enter the newly created Personal Access Token as Password
Solution 4 - Git
See the link below enter link description here
You just need to create a new token for your profile! To do this,
- click on your photo and then enter the Edit Profile section
- click on Access Tokens
- Create a new token with the permissions you need
- Now copy the created token according to the photo below enter image description here
- git clone https://github.com/YOUR-USERNAME/YOUR-REPOSITORY
- Enter your username, but use the created token instead of the password!
Solution 5 - Git
Clone current repo with git clone ${CI_REPOSITORY_URL}
Clone other repos with git clone https://oauth2:${PERSONAL_ACCESS_TOKEN}@gitlab.com/acme/my-project.git. Gitlab uses "oauth2" + token convention to populate OAuth2 Authentication headers, but I could not find official documentation for this.
Enable current repo modifications with git remote set-url origin ${CI_PROJECT_URL/gitlab.com/oauth2:${PERSONAL_ACCESS_TOKEN}@gitlab.com}.git
Here is a job that tags the current repo, using git push:
build_rpms:
stage: package
script:
- echo "Build RPMs. Add tag v1.9d"
- apk add git
- git config --list
# --force is needed for both tag and push to allow job replay
- git tag v1.9d --force
# Enable pushing from CI pipeline:
#
# At that point git origin points to CI_REPOSITORY_URL=
# https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com/acme/my-project.git
# This setup does not allow modifications (i.e git push will be rejected).
#
# We use Gitlab Personal Access Token with 'write' access. This token shall
# be generated via Gitlab user settings and then it shall be added as a masked
# environment variable for this project CI settings.
#
# Use "oauth2" as user. For example for CI_PROJECT_URL=https://gitlab.com/acme/my-project
# set origin to https://oauth2:wSHnMvSmYXtTfXtqRMxs@gitlab.com/acme/my-project.git
#
- git remote set-url origin ${CI_PROJECT_URL/gitlab.com/oauth2:${PERSONAL_ACCESS_TOKEN}@gitlab.com}.git
- git remote -v
# Use -o ci.skip option to avoid triggering pipeline again
- git push origin v1.9d --force -o ci.skip
when:
manual
Solution 6 - Git
A user-friendly alternative to personal access tokens is Git Credential Manager which does secure OAuth authentication via web browser. Documentation at https://github.com/GitCredentialManager/git-credential-manager/blob/main/docs/gitlab.md