When pushing code to a GitLab repository, it’s often best to avoid including your personal access token (PAT) directly in the URL for security reasons. This is especially important when working on public machines or in shared environments where sensitive data could be exposed. In this post, we’ll walk through how to use your GitLab Personal Access Token more securely by entering it via a prompt.

1. Set the Remote Repository URL

Set your remote repository URL in the standard HTTPS format. Using a token-free URL ensures Git will prompt you for credentials.

1
2

# Update the origin if it already exists.
git remote set-url origin https://gitlab.com/yourusername/yourproject.git

2. Run git push and Enter Your Credentials

Now when you run the git push command, Git will ask for your username and password. Enter your PAT as the password.

1
2
3

$ git push -u origin master
Username for 'https://gitlab.com': yourusername
Password for 'https://yourusername@gitlab.com': glpat-XXXXXXXXXXXXXXXX  # Enter your token here
  • Username: Your GitLab username or email address
  • Password: Your Personal Access Token (glpat-…)

3. Prevent Credential Caching (Optional)

To ensure your token isn’t saved and reused by the system, disable Git’s credential helper.

1
2
3
4
5

# Disable globally
git config --global credential.helper ""

# Or disable only within the current project
git config credential.helper ""

With this configuration, Git will prompt for credentials every time an operation (push, pull, etc.) is performed.

4. Prompt Input Example

1
2
3

$ git push -u origin master
Username for 'https://gitlab.com': yourusername
Password for 'https://yourusername@gitlab.com': glpat-abcdef1234567890

Although the token is visible in the terminal as plain text, it is not included in the URL, so it won’t be stored in browser history or logs.

Conclusion

By using prompt input instead of embedding your GitLab PAT in the URL, you can manage authentication more securely. Disabling the credential helper adds another layer of security by requiring credentials to be entered each time.