Configuring User Auth for HTTPS
posted by Zachary Voase on October 1, 2009
If you use HTTPS as your chosen method of pushing/pulling to a repo, you’ll
find that every time you do so, Mercurial will ask for your credentials.
Fortunately, a simple piece of configuration in your ~/.hgrc file can fix this.
Note: This is a new feature that was introduced in Mercurial 1.3. If you have an older version you’ll need to update to use this tip!
Note: This tip involves putting your username and password in plain text
in your ~/.hgrc. It’s usually a lot more secure to either:
- Use SSH and
ssh-agent(see this article), or - Enter your password every time.
If you are not 100% sure that you are the only one with access to your
~/.hgrc file, then stop now.
The [auth] section in your ~/.hgrc file contains credentials for HTTP
authentication. Each set of credentials can be given an arbitrary name; for
the purposes of this tip we’ll assume you’re using BitBucket to host your
repository, so this set of credentials will be called bb.
Add the following to your ~/.hgrc:
[auth]
bb.prefix = https://bitbucket.org
bb.username = {username}
bb.password = {password}
Replacing {username} and {password} with your BitBucket credentials.
You can also specify multiple sets of credentials with different prefixes. For example, if you have two BitBucket accounts:
[auth]
bb1.prefix = https://bitbucket.org/foo/
bb1.username = foo
bb1.password = foo_passwd
bb2.prefix = https://bitbucket.org/bar/
bb2.username = bar
bb2.password = bar_passwd
Pushing to any repo whose URI starts with https://bitbucket.org/foo/ will
use the ‘foo’ account, and likewise for ‘bar’. In this case, however, you can
take advantage of the fact that Mercurial will always choose the set of
credentials with the most specific matching prefix. Therefore, if you have:
[auth]
bb1.prefix = https://bitbucket.org/
bb1.username = foo
bb1.password = foo_passwd
bb2.prefix = https://bitbucket.org/bar/
bb2.username = bar
bb2.password = bar_passwd
Then any non-/bar/ repos will use the ‘foo’ account, because it is the only
matching prefix. /bar/ repos will use the ‘bar’ account, since both of them
match but ‘bar’ is more specific.
Finally, you can tell Mercurial that a given prefix should match for both
HTTP and HTTPS by stripping the scheme part from the prefix and adding a
schemes section to the credentials:
[auth]
bb.prefix = bitbucket.org
bb.username = foo
bb.password = foo_passwd
bb.schemes = http https
For detailed reference information, consult the
hgrc auth documentation.