Configuring User Auth for HTTPS

posted by Zachary Voase on October 1, 2009

If you use HTTPS as your chosen method of pushing/pulling to a repo, you’ll find that every time you do so, Mercurial will ask for your credentials. Fortunately, a simple piece of configuration in your ~/.hgrc file can fix this.

Note: This is a new feature that was introduced in Mercurial 1.3. If you have an older version you’ll need to update to use this tip!

Note: This tip involves putting your username and password in plain text in your ~/.hgrc. It’s usually a lot more secure to either:

If you are not 100% sure that you are the only one with access to your ~/.hgrc file, then stop now.

The [auth] section in your ~/.hgrc file contains credentials for HTTP authentication. Each set of credentials can be given an arbitrary name; for the purposes of this tip we’ll assume you’re using BitBucket to host your repository, so this set of credentials will be called bb.

Add the following to your ~/.hgrc:

[auth]
bb.prefix = https://bitbucket.org
bb.username = {username}
bb.password = {password}

Replacing {username} and {password} with your BitBucket credentials.

You can also specify multiple sets of credentials with different prefixes. For example, if you have two BitBucket accounts:

[auth]
bb1.prefix = https://bitbucket.org/foo/
bb1.username = foo
bb1.password = foo_passwd

bb2.prefix = https://bitbucket.org/bar/
bb2.username = bar
bb2.password = bar_passwd

Pushing to any repo whose URI starts with https://bitbucket.org/foo/ will use the ‘foo’ account, and likewise for ‘bar’. In this case, however, you can take advantage of the fact that Mercurial will always choose the set of credentials with the most specific matching prefix. Therefore, if you have:

[auth]
bb1.prefix = https://bitbucket.org/
bb1.username = foo
bb1.password = foo_passwd

bb2.prefix = https://bitbucket.org/bar/
bb2.username = bar
bb2.password = bar_passwd

Then any non-/bar/ repos will use the ‘foo’ account, because it is the only matching prefix. /bar/ repos will use the ‘bar’ account, since both of them match but ‘bar’ is more specific.

Finally, you can tell Mercurial that a given prefix should match for both HTTP and HTTPS by stripping the scheme part from the prefix and adding a schemes section to the credentials:

[auth]
bb.prefix = bitbucket.org
bb.username = foo
bb.password = foo_passwd
bb.schemes = http https

For detailed reference information, consult the hgrc auth documentation.

Configure Mercurial to not prompt for your password every time you push/pull via HTTPS.