Internally I’m setting up Atlassian’s Stash, and one of the first projects I wanted to get going was my own projects that were previously hosted on Github.

For Rails deployment, I love Mina, so I was hoping it’d be as simple as placing my public key on Stash and changing the repository URL in config.rb. Unfortunately, that’s not how Stash works (from what I can tell); it’s username/password driven.

Not willing to put a password into an explicit shell call for cloning, I dug around, and turns out Git supports putting authentication values into a file ~/.netrc.

At first this is a little janky, but it’s not too different from a public key. It just means the inherent authorizations don’t match up immediately (ie, you can’t login to Github with a public key).

I created a user whose only job is to check out the repo, populated my .netrc as:

machine my.stash.instance
login deployer
password BOOM

And authentication works magically.