Mercurial Keyring Prompts for Password Every time

Question

I am using the mercurial key-ring extension to store the password to my remote repository on BitBucket, so I don't have to enter it every time I push to the remote repository. Ironically, it asks me for the password to unlock the key-ring every time I need to access it; thereby completely mitigating its purpose to me. What am I doing wrong?

In my global mercurial config (~/.hgrc) I have the following lines:

[extensions]
hgext.mercurial_keyring = /etc/mercurial/mercurial_keyring.py

In my repo mercurial config (.hg/hgrc), I have:

[paths]
default = https://[email protected]/username/repo

Example:

> hg out
> comparing with https://[email protected]/username/repo
> Please enter password for encrypted keyring:

I have tried uninstalling the keyring and trying again. I've also played about with configuration settings I've found online to no avail. I also couldn't find anything on encrypted keyring and non-encrypted keyring in regards to mercurial.

How can I get it so that I don't have to enter a password at all when I perform actions to the remote repo?

Answer 1

it asks me for the password to unlock the key-ring. What am I doing wrong?

Nothing. Read the keyring docs, password for accessing keyring must be provided once for session

Answer 2

I don't know if this was already the case at the time the question was asked, but now the solution is directly explained in the keyring extension wiki link in your question.

Just enabling the keyring extension is not enough, you also need to tell Mercurial the remote repo and the username in the config file.

Quote from the link:

3.2. Repository configuration (HTTP)

Edit repository-local .hg/hgrc and save there the remote repository path and the username, but do not save the password. For example:

[paths] 
myremote = https://my.server.com/hgrepo/someproject

[auth] 
myremote.schemes = http https 
myremote.prefix = my.server.com/hgrepo
myremote.username = mekk

Simpler form with url-embedded name can also be used:

[paths]
bitbucket = https://[email protected]/User/project_name/

Note: if both the username and password are given in .hg/hgrc, the extension will use them without using the password database. If the username is not given, extension will prompt for credentials every time, also without saving the password. So, in both cases, it is effectively reverting to the default behaviour.

---

Note that you don't need to specify all the information shown in those examples.

On my machine (Mercurial 5.0.2 on Windows), I'm using a simpler form which also works for multiple repos.
This is a 1:1 copy from my actual config file:

[extensions]
mercurial_keyring = 

[auth]
bb.prefix = https://bitbucket.org/
bb.username = christianspecht

This uses the keyring extension to save the password for the user christianspecht, for all remote repos whose URL starts with https://bitbucket.org/.

The prefix bb can be freely picked, so you can use this to save multiple URLs/usernames at once.

This works perfectly well (at least until Bitbucket drops Mercurial support in a few weeks...) - it asks for the password once, then it's automatically saved and it never asks again.