opengithub Git
Work with repositories over HTTPS
opengithub serves smart HTTP Git endpoints from its own Rust API. Public repositories can be cloned anonymously. Private repositories require a signed browser session or a personal access token with repository scope.
Clone and fetch
HTTPS commands
git clone https://opengithub.namuh.co/mona/octo-app.git cd octo-app git fetch origin main
Push changes
Push commands
git remote add origin https://opengithub.namuh.co/mona/octo-app.git git branch -M main git push -u origin main
For private repositories or command-line pushes, use a personal access token as the HTTPS password. Tokens are stored hashed by the API and are never returned after creation.
Authenticate with a token
Create fine-grained tokens for selected repositories whenever possible. Classic tokens remain available for older automation that expects broad legacy scopes. The token secret is shown once, then only the prefix, status, last-used time, and expiration remain visible in Developer Settings.
Token-backed Git
git clone https://opengithub.namuh.co/mona/private-app.git # Username: your opengithub login # Password: paste an oghp_ personal access token with repo:read git -c credential.helper= clone https://mona:oghp_your_token@opengithub.namuh.co/mona/private-app.git
- Use repo:read for clone/fetch and repo:write for push.
- Selected-repository fine-grained tokens work only for the repositories chosen during creation.
- Revoked or expired tokens fail immediately for Git, REST, and package registry requests.
REST and packages
The same personal access token can authorize REST API calls and OCI package pulls or pushes when its scopes include the matching permissions. Successful use refreshes the token last-used timestamp after the Rust API validates the hash, expiration, revocation state, scopes, and repository selection.
REST and registry
curl -H "Authorization: Bearer oghp_your_token" \ https://opengithub.namuh.co/api/user echo "$OPENGITHUB_TOKEN" | docker login opengithub.namuh.co \ -u "$OPENGITHUB_ACTOR" --password-stdin docker pull opengithub.namuh.co/mona/octo-image:latest
SSH public keys
Add public SSH keys in Developer Settings so future SSH transport can validate the key fingerprint without storing private material. Revoked keys remain in account history, are excluded from authentication, and keep their audit trail.
SSH key setup
ssh-keygen -t ed25519 -C "mona@example.com" cat ~/.ssh/id_ed25519.pub # Add the public key in /settings/keys before SSH transport is enabled. # opengithub stores the SHA256 fingerprint and never stores private keys.
- Supported public-key rows show key type, SHA256 fingerprint, read/write access, source, added date, and last-used state.
- Duplicate active fingerprints are rejected before a new key is stored.
Commit signing and vigilant mode
Upload armored public GPG keys for commit and tag verification. Active GPG fingerprints mark matching user-attributed commits as verified. Vigilant mode flags unsigned or untrusted commits attributed to you as unverified until a trusted signing key matches.
GPG signing
gpg --armor --export mona@example.com git config --global user.signingkey 0F1E2D3C4B5A6978 git config --global commit.gpgsign true
Raw armored public keys are accepted only when adding a key. API responses and browser rows show fingerprints, key IDs, extracted email addresses, and revoked state without returning the armor.
Raw files and archives
Raw and archive
curl -L https://opengithub.namuh.co/mona/octo-app/raw/main/README.md curl -L -o octo-app.zip https://opengithub.namuh.co/mona/octo-app/archive/refs/heads/main.zip