WORKING NOW - add github.com twice
After debugging more by adding the -d flag to netrc in the credential helper, I found it wasn't matching the usernames in the <USER>@github.com in the remote URLs.
Because some SO answers use the 1 line format for netrc, I tried adding machine github.com twice… and it worked ♀️
machine github.com
login PERSONAL-USER
password PAT1
machine github.com
login WORK_USER
password PAT2
Use case
I have a situation that is maddening because everything works when I have a .netrc file, but breaks as soon as it's encrypted to .netrc.gpg. I've used this setup for years, decrypting it on the fly with my YubiKey and git config credential.helper 'netrc -f ~/.netrc.gpg -v'.
I recently had to adjust the setup because of work:
- I have a personal GitHub account
- I have a 2nd work account because my employer uses GitHub Enterprise Cloud.
So I have a .netrc file that needs 2 logins for 1 host like this:
machine github.com
login PERSONAL-USER
password PAT1
login WORK_USER
password PAT2
Yes, my personal username has a dash - in it. My work username has an underscore _. Would this make a difference?
The weird thing is that it works if it's unencrypted. But as soon as I encrypt it, it breaks.
.netrc✅ works.netrc.gpg❌ cannot authenticate
When I have this file as an unencrypted .netrc file in my home directory, it works fine.
However, as soon as I encrypt it, it breaks and says repository not found, like this:
$ git push origin :test2
using gpg for GPG operations
Using GPG to open /Users/redacted/.netrc.gpg: [gpg --decrypt /Users/redacted/.netrc.gpg]
gpg: encrypted with rsa4096 key, ID ED826C8A57E12FC3, created 2018-05-27
"Julie Ng <REDACTED>"
remote: Repository not found.
fatal: repository 'https://github.com/julie-ng/REDACTED.git/' not found
Other things I tried
Set contexts
I also tried specifying which accounts to use. So my global git config via ~/.gitconfig has these lines in it per official git documentation on configuring contexts
[credential]
helper = netrc -f ~/.netrc.gpg -v
user = <PERSONAL-USER>
useHttpPath = true
[credential "https://github.com/<WORK_USER>/*"]
user = <WORK_USER>
[credential "https://github.com/<WORK_OSS>/*"]
user = <PERSONAL-USER>
[credential "https://github.com/<PERSONAL-USER>/*"]
user = <PERSONAL-USER>
Specify user in git remote
I even tried
# personal repo - doesn't work
git remote set-url origin https://<PERSONAL-USER>@github.com/...
and it does not work. I did the same for a work specific repo.
# work repo - works?!
git remote set-url origin https://<WORK_USER>@github.com/<WORK_USER>...
And the work works fine.
Clear all caches, etc
- I use a mac, but not the osx keychain. Being paranoid, I confirmed nothing's there.
- I also ran
git credential-cache exitbetween tests - And I also ran
gpg-connect-agent reloadagent /byebetween tests
I'm at wits' end trying to figure this out. Does anyone have any idea why this would work with a unencrypted .netrc file but not when encrypted to .netrc.gpg??