2.3.2 Storing a Token

Please also see (auth)Top for all the gory details about Auth-Source.

The variable auth-sources controls how and where Auth-Source keeps its secrets. The default value is a list of three files: ("~/.authinfo" "~/.authinfo.gpg" "~/.netrc"), but to avoid confusion you should make sure that only one of these files exists and then you should also adjust the value of the variable to only ever use that file, for example:

(setq auth-sources '("~/.authinfo"))

In ~/.authinfo secrets are stored in plain text. If you don’t want that, then you should use the encrypted ~/.authinfo.gpg instead:

(setq auth-sources '("~/.authinfo.gpg"))

Auth-Source also supports storing secrets in various external key-chains. See (auth)Top for more information.

The default Auth-Source backends only support storing three values per entry; the "machine", the "login" and the "password". Because Ghub uses separate tokens for each package, it has to squeeze four values into those three slots, and it does that by using "USERNAME^PACKAGE" as the "login".

Assuming your Github username is "ziggy", the package is named "forge", and you want to access Github.com with the token "012345abcdef…", an entry in one of the three mentioned files would then look like this:

machine api.github.com login ziggy^forge password 012345abcdef...

Assuming your Gitlab username is "ziggy", the package is named "forge", and you want to access Gitlab.com with the token "012345abcdef…", an entry in one of the three mentioned files would then look like this:

machine gitlab.com/api/v4 login ziggy^forge password 012345abcdef...