-
Improvement
-
Resolution: Unresolved
-
Minor
-
Docker Pipeline 1.14
GitHub recommends for git+https to use API tokens instead of username & password.
GitHub API token can be passed as a real token (https://<token>@github.com/username/bar.git) or as the username of a username:password auth (https://<token>:@github.com/username/bar.git).
The client-client-plugin only supports username-password credentials for the moment (see o.j.p.gitclient.CliGitAPIImpl#getGitCredentialsURL()).
Using a username-password-credentials storing the token in the username field is not a valid workaround as the GitHub API token is revealed in the GUI (see attached screenshot).
Could we add support for Token as credentials for git+https and, if possible, introduce a credentials named "Token" as this name is more intuitive than "Secret Text".
The plugin already supports GitHub API tokens in its current steps. I create a new credential with my user name, and with the API token as the password, then reference that credential from the job definition. Does that not work for you?
Is there something more to be gained by calling the password an API token?