For Rails deployment, I love Mina, so I was hoping it’d be as simple as placing my public key on Stash and changing the repository URL in config.rb. Unfortunately, that’s not how Stash works (from what I can tell); it’s username/password driven.
Not willing to put a password into an explicit shell call for cloning, I dug around, and turns out Git supports putting authentication values into a file ~/.netrc.
At first this is a little janky, but it’s not too different from a public key. It just means the inherent authorizations don’t match up immediately (ie, you can’t login to Github with a public key).
I created a user whose only job is to check out the repo, populated my .netrc as:
machine my.stash.instance login deployer password BOOM
And authentication works magically.