When using git-over-https, git commands will prompt for LC username and password. Users MUST use a Personal Access Token (PAT) as the password, as OTP token authentication is not allowed. NOTEPATs have a maximum lifetime of 30 days, despite what you might see in the web UI. You should receive automated emails when your token is about to expire, and when it has expired.
To generate a PAT, go to your GitLab profile settings:
- CZ: https://lc.llnl.gov/gitlab/-/user_settings/personal_access_tokens
- RZ: https://rzlc.llnl.gov/gitlab/-/user_settings/personal_access_tokens
- SCF: https://lc.llnl.gov/gitlab/-/user_settings/personal_access_tokens
Complete the following steps:
- Click the blue "Add new token" button (near the top right)
- Fill out the request with a token name and the appropriate scope.
- Token name and description can be whatever you choose.
- It is best practice to select only the scopes needed on a token, with write_repository as sufficient for pushing/pulling git repos. We discourage the use of the 'api' scope.
- The expiration date will automatically fill in with the maximum allowable date.
- Finish the PAT request with the blue "Create token" button.
- Immediately after creating the token, copy the contents using the clipboard button. Once you navigate away from this page, you will not be able to view the token again.
Finally, use the token. From the command line, run
git clone or similar operation. Supply your LC username as the username, and the contents of your PAT as the password. See the note below for issues with copy-paste on LC systems.Usage example:
git clone https://lc.llnl.gov/gitlab/MY-PROJECT/my-repo.git Cloning into 'my-repo'... Username for 'https://lc.llnl.gov': <your-LC-username> Password for 'https://your-LC-username@lc.llnl.gov': <your-PAT-value>
Notes
- If your terminal pops up a dialog for entering the username and PAT, this can cause problems with copy/paste. To prevent the dialog, set the SSH_ASKPASS environment variable to an empty string - this will cause the prompting to be done at the command line. Setting the variable can be done in your .cshrc, .bashrc, etc files, or on the command line with:
SSH_ASKPASS="" your-git-command-here
- PATs are cached automatically, within a session you should not have to re-authenticate for each operation involving the remote server. If you find you are needing to re-authenticate in a given session, add these lines to the ~/.gitconfig file on the system:
[credential] helper = cache --timeout=43200