Use Github tokens instead of ssh keys

[manics]

If this works it'd be possible to supply the username and token as an environment variable instead of messing with ssh keys. It's also easy to revoke tokens if necessary.

• https://help.github.com/articles/which-remote-url-should-i-use/#cloning-with-https-urls-recommended
• https://help.github.com/articles/creating-an-access-token-for-command-line-use/
• https://git-scm.com/docs/gitcredentials
• https://git-scm.com/docs/git-credential-store

[sbesson]

@manics: I completely agree that the token-based HTTPS URL are very attractive and managing only tokens as opposed to tokens + SSH keys would be very advantageous. For instance, I use a development token for testing/pushing tags to @snoopycrimecop manually to prevent interfering with my own SSH keys.

The main downside/amount of work I see with this proposal is that the scc library was been written with the SSH URLs in mind. This would need to be updated to support token-based approach. Additionally, we would need to review all places where a token might be leaked publicly via the remote URL.

[manics]

Additionally, we would need to review all places where a token might be leaked publicly via the remote URL.

My reading of the git-credentials links is that the token can be read automatically from a file store, and doesn't need to be included in the HTTPS URL.