Debug output exposes access tokens in certain error cases #96

Open
Megan-Wright opened this issue Jun 2, 2020 · 2 comments

@Megan-Wright
Contributor

Megan-Wright commented Jun 2, 2020

Expected behaviour

Once I have set my access token using export GITHUB_TOKEN=foo I should not ever see my access token displayed while running promote commands

Actual behaviour

Access tokens are displayed within github urls in errors when using the --debug flag, e.g:

(base) Megans-MacBook-Pro:github.com [email protected]$ ./services/services promote --from promote-demo --to https://github.com/Megan-Wright/gitops-example.git --service promote-demo --debug --commit-name=Megan-Wright [email protected]
2020/06/02 16:03:48 DEBUG: Cloning into 'gitops-example'...
remote: Repository not found.
fatal: repository 'https://promotion:<my access token>@github.com/Megan-Wright/gitops-example.git/' not found

Steps to Reproduce

Run a promote command which will fail with --debug set.
There are two cases I have noticed the access token being surfaced:

  • The access token is invalid/doesn't have the correct permissions
  • The repository you are trying to push to doesn't exist (as above)
@Megan-Wright
Contributor Author

Still seeing this happening any time the git repo url or access token is incorrect in a promote command - I've narrowed it down to coming from the execGit function in https://github.com/rhd-gitops-example/services/blob/master/pkg/git/repository.go but can't figure out how to remove the access token from here.

@bigkevmcd
Collaborator

I wonder if we should remove the authentication from the URLs that we use as the remotes, and figure out an alternative way to authenticate the Git interactions.
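
One way to keep the token out of the debug log while credentials are still embedded in the remote URL, as an added example that is not code from this project or from any commenter: git's output is passed through a filter that masks the userinfo part of any URL before it is logged. `RedactOutput` and `RedactingWriter` are hypothetical names, the token in the sample is constructed, and how `execGit` captures output is not shown on this page, so wiring the writer to the command's stdout/stderr is an assumption.

```go
package main

import (
	"bytes"
	"io"
	"os"
	"regexp"
)

// userinfoInURL matches "scheme://userinfo@" anywhere in free text, such as
// git's "fatal: repository 'https://user:token@host/...' not found".
// A URL with no userinfo has no "@" before the first "/", so it never matches.
var userinfoInURL = regexp.MustCompile(`([a-zA-Z][a-zA-Z0-9+.-]*://)[^/\s@'"]+@`)

// RedactOutput masks the whole userinfo, because a token can be sent either
// as the password ("user:token@") or as the username ("token@").
func RedactOutput(out string) string {
	return userinfoInURL.ReplaceAllString(out, "${1}REDACTED@")
}

// RedactingWriter buffers until a newline, so a URL split across two Write
// calls is still redacted whole. Call Flush once the command has exited.
type RedactingWriter struct {
	Dst io.Writer
	buf bytes.Buffer
}

func (w *RedactingWriter) Write(p []byte) (int, error) {
	w.buf.Write(p)
	if i := bytes.LastIndexByte(w.buf.Bytes(), '\n'); i >= 0 {
		done := string(w.buf.Next(i + 1)) // every complete line seen so far
		_, err := io.WriteString(w.Dst, RedactOutput(done))
		return len(p), err
	}
	return len(p), nil
}

// Flush emits any trailing partial line, redacted.
func (w *RedactingWriter) Flush() error {
	_, err := io.WriteString(w.Dst, RedactOutput(string(w.buf.Next(w.buf.Len()))))
	return err
}

func main() { // constructed sample; the token below is made up
	w := &RedactingWriter{Dst: os.Stderr}
	io.WriteString(w, "fatal: repository 'https://promotion:constructed-")
	io.WriteString(w, "token-123@github.com/Megan-Wright/gitops-example.git/' not found\n")
	w.Flush()
}
```

This only filters what the tool itself logs; the URL with the token is still stored as the remote and visible to anything else that reads it, which is the concern the last comment raises.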
