Ansible: clone repo or install helm chart from private github
Solution 1:
Personal access tokens can only be used for HTTPS Git operations.
GitHub documentation: using-a-token-on-the-command-line
The token can be used as a password when using https. So it might be necessary switch the remote from git to https when a token should be used as a password.
In general the token is mainly meant as a secyre authentication mechanism against the REST API:
As previously announced, beginning November 13th, 2020, we will no longer accept account passwords when authenticating with the REST API and will require the use of token-based authentication (e.g., a personal access, OAuth, or GitHub App installation token) for all authenticated API operations on GitHub.com. GitHub announcement
The token could be used to manage the access to GitHub repos like so:
- name: Read SSH public key to authorize
ansible.builtin.shell: cat /home/foo/.ssh/id_rsa.pub
register: ssh_pub_key
- name: Authorize key with GitHub
local_action:
module: github_key
name: Access Key for Some Machine
token: '{{ github_access_token }}'
pubkey: '{{ ssh_pub_key.stdout }}'
Ansible github_key_module
But in my reading of the announcement it is not meant to replace ssh public key authentication for normal Git operations. So it should be possible to continue to clone repos from GitHub authenticating with ssh keys or with a token when using https protocol for the remote.