Metadata-Version: 2.1
Name: hg-credentials
Version: 0.1.2
Summary: Mercurial extension for storing passwords securely
Home-page: http://foss.heptapod.net/mercurial/hg-credentials
Author: Dan Villiom Podlaski Christiansen
Author-email: danchr@gmail.com
License: GPL-2.0-or-later
Classifier: Development Status :: 2 - Pre-Alpha
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: GNU General Public License (GPL)
Classifier: Programming Language :: Python
Classifier: Topic :: Software Development :: Version Control
Classifier: Environment :: MacOS X
Requires-Python: >=3.6
License-File: COPYING
Requires-Dist: secretstorage; sys_platform != "darwin" and os_name == "posix"

=====================
Credentials Extension
=====================

This is an extension for Mercurial 5.6 or later, allowing you to store
HTTP passwords securely. The extension itself does not offer any
commands, you simply enable it, and get an extra prompt::

  $ hg pull
  pulling from https://example.com/private/repo
  http authorization required for https://example.com/private/repo
  realm: Mercurial
  user: me
  password: <SECRET>
  would you like to save this password? (Y/n)  y
  searching for changes
  no changes found

That would result an a new item named in your key chain or key ring::

  Mercurial (me@example.com)

Once a password is saved, there's nothing more to do. You'll get a new
prompt, should the password suddenly stop working. To manage or delete
your passwords, use the *Keychain Services* application included with
macOS, GNOME Keyring or something similar included in your desktop
environment.

Requirements
------------

* Python 3.6 or later.
* Mercurial 5.6 or later.
* `SecretStorage <https://secretstorage.readthedocs.io/>`_ on
  platforms other than macOS.

Windows is not supported, yet.

Installation and usage
----------------------

Install the extension and its dependencies with Pip::

  $ pip install .

Then, add the following lines to your ``~/.hgrc``::

  [extensions]
  credentials =

To avoid entering passwords for each and every repository, use
``auth.schemes``::

  [auth]
  example.prefix = example.com
  example.username = me

This will cause all repositories on ``https://example.com`` to resolve
to the same Keychain item. See ``hg help config.auth`` for details.

Alternatives
------------

The most obvious alternative to this extension is the `Mercurial
Keyring <https://pypi.org/project/mercurial_keyring/>`_ extension. It
supports older versions of Mercurial and more backends, but saves
passwords in a less readable fashion.

Future plans
------------

* Consider whether it makes sense to implement a completely custom
  ``urllib2`` password manager, so passwords aren't stored in memory
  any longer than strictly necessary.

Acknowledgements
----------------

Thanks you to Octobus and Heptapod for hosting this project, and for
making Mercurial development fun again!
