Skip to content

Instantly share code, notes, and snippets.

@marcelaraujo
Forked from StevenACoffman/goGetPrivate.md
Created October 6, 2023 11:08
Show Gist options
  • Save marcelaraujo/dfb93e68a8e871490105f0c383ca7926 to your computer and use it in GitHub Desktop.
Save marcelaraujo/dfb93e68a8e871490105f0c383ca7926 to your computer and use it in GitHub Desktop.
How to `go get` private repos using SSH key auth instead of password auth.

Set GOPRIVATE to match your github organization

Cloning the repo using one of the below techniques should correctly but you may still getting an unrecognized import error.

As it stands for Go v1.13, I found in the doc that we should use the GOPRIVATE variable like so:

GOPRIVATE=github.com/ORGANISATION_OR_USER_NAME go get -u -f github.com/ORGANISATION_OR_USER_NAME/REPO_NAME

The 'go env -w' command (see 'go help env') can be used to set these variables for future go command invocations.

How to go get private repos using SSH key auth instead of password auth.

$ git config --global url."git@github.com:".insteadOf "https://github.com/"
$ cat ~/.gitconfig
[url "git@github.com:"]
	insteadOf = https://github.com/
$ go get -u -f github.com/private/repo && echo Success!
Success!

In Git ssh://git@host/resource, git+ssh://git@host/resource, ssh+git://git@host/resource and git@host:resource are all the same protocol.

💡 NOTE: go get uses HTTPS when cloning a repository. So configuring insteadOf rewriting rules will cause problems with go get -u github.com/private/repo later on, since a check at update time to verify that the local package's remote repository matches that of its custom import. This change was introduced in Go 1.4.

The workaround for that rewriting check would be to use go get -u -f github.com/private/repo:

The -f flag, valid only when -u is set, forces get -u not to verify that each package has been checked out from the source control repository implied by its import path. This can be useful if the source is a local fork of the original.

Sources:

How to go get private repos using HTTPS via Personal Access Tokens

An alternative to using git@github.com is to generate a personal access token on your GitHub account (or for a service account), grant it repo access, and then use the following instead:

# Github
git config --global url."https://${GITHUB_TOKEN}:x-oauth-basic@github.com/".insteadOf "https://github.com/"

# Gitlab personal access token
git config --global url."https://gitlab-ci-token:${GITLAB_PERSONAL_ACCESS_TOKEN}@gitlab.com/".insteadOf "https://gitlab.com/"

# BitBucket is a weird place. You need user slug rather than username
git config --global url."https://user%40bitbucket.com:${BITBUCKET_ACCESS_TOKEN}@bitbucket.com/".insteadOf "https://bitbucket.com/"

You could also just store credentials in a credential helper like the ~/.git-credentials file.

Both should still work with go get -u, and also works with Docker builds.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment