Monday, March 7, 2011

Mercurial Credentials

We are switching to Mercurial from CVS at work to hopefully reduce some of the inefficiencies we encounter when pushing new features into production. My initial impression was not favorable because I had to enter my credentials for every single operation. "I entered my username and password 10 seconds ago. You want them again?"

My thoughts then turned to Google. Surely I'm not the only one who is annoyed by this. Sure enough, I wasn't. Before you think I'm violating first principles, bear with me.

The first way I found was to store my username and password in the mercurial settings file...in the clear. Storing passwords in the clear is unacceptable.

The next suggestion was to use the keyring extension that came in the TortoiseHG install. The keyring extension encrypts passwords before storing them, so you can enter once and not worry about it.

The tutorial for configuring the keyring extension was easy enough to follow. However, we ran into a problem with SSL on our main repository server. Once we put the certificate fingerprint into the mercurial.ini file, we were able to clone from the main server into our local sandboxes.
[paths]
default = https://<hostname>/path/to/Repository

[hostfingerprints]
<hostname> = <certificate>
To get the value for the certificate:
  1. Navigate to the path specified for the repository in FireFox.
  2. Click on the icon to the right of the URL once the page has finished loading.
  3. Click 'More Information' button.
  4. Click the 'Security' icon in the dialog that appears.
  5. Click the 'View Certificate' button.
  6. Copy the SHA1 Fingerprint value into your mercurial.ini file.

No comments:

Post a Comment