To clone a Git repository with HTTPS, run git clone https://repository-address.git in your terminal to download the repository to your local machine. If you’re a developer, student, or IT professional working with platforms like GitHub or GitLab, this is one of the simplest and most common ways to get a project copy for collaboration, setup, or review.

In this guide, we’ll explain:

  • how git clone works over HTTPS,
  • what HTTPS means in the context of Git,
  • how to handle credentials when cloning private repositories, when HTTPS makes more sense than SSH,
  • and which practices help you clone repositories securely and efficiently.

Discovering HTTPS

Let’s start by explaining what the famous HTTPS means; we’ll need it later. In short, it is the encrypted version of the HTTP period. But then, what is HTTP? It is a protocol that works in client-server communication, thanks to which the Internet exists as we know it. HTTP supports different types of requests, depending on what we want to send, e.g., a specific resource or a completed form.

What distinguishes these two protocols, HTTP and HTTPS, is the letter S, meaning ‘Secure’. Despite such a small difference in name, the difference in operation is huge because HTTPS is an encrypted connection. The TLS protocol is responsible for it, which first performs key exchange to verify the security of the connection, and only then is the HTTP request made.

Get free trial

Leaving security aside for a moment, it is also worth taking a look at another reason for the popularity of HTTPS, namely, Google algorithms. The positioning of the content is influenced by many factors, but one of them is the use of the encrypted version of the protocol. According to Google, this has a significant impact, and it will certainly increase in the future, so it’s worth learning about and using this protocol.

Git clone with HTTPS from a remote repository

Your repository, such as Bitbucket, is available on the web at a specific address, and the HTTP request allows you to download such a page and display it in the browser.

This existing repository address is also the one used by Git. We need it because it is one of the parameters (and the only required one) of the clone function.

So, how to clone a GitHub repository? To clone an existing Git repository, type git clone command. The required parameter is the repository URL (aka Git URL). As in the example below:

git clone <REPOSITORY_ADDRESS>

The remote URL can use the repository URL over the supported protocols SSH, Git, HTTP, and HTTPS. You can also choose a new directory with:

git clone <REPOSITORY_ADDRESS> <DIRECTORY>

Let’s check it on the example of the most popular repository on GitHub. Specifically, it is freeCodeCamp, which has over 427k stars and over 41.4k forks. A repo like this is crucial for collaboration, as it allows multiple developers to work on the same project simultaneously.

To do a git clone HTTPS command, just go to the location where the git repo is to be placed in the terminal, type the git command, and use this repository URL:

git clone https://github.com/freeCodeCamp/freeCodeCamp.git

Git clone creates a new directory at the local path for the git repo, copies the files, and creates the initial branch from the default branch so we can begin working. The local repository will be cloned to the local machine, allowing developers to manage their working copies of the project.

And that’s all. This can take a while, as this particular project is quite sizable and Git has to download everything to a local computer. However, when everything is successful, the git repo will be cloned, and we can start working on it. It is also worth paying attention to the suffix .git – it is not required, and the address without it is also considered valid.

When we look at the repository through the browser, we find there is a sub-menu for cloning. There will be a couple of options, such as using a desktop application, downloading a ZIP archive, and also copying addresses per protocol. The image below shows the default view with an HTTPS address on GitHub.

default view with an HTTPS address on GitHub

git clone using HTTPS – Personal Access Token (PAT)

To freely use such a cloned repository, i.e., to perform pull and push operations, we must enter our password each time to verify the connection. This can be cumbersome, so Git configuration allows you to remember the credentials. To do this, we need to set the appropriate value of the attribute credential. helper in the local Git configuration. I will just add that this option has existed since version 1.7.10, so since 2012, which is quite a long time.

Setting up such a helper is simple, but there are several options for this configuration. One of them is CACHE. This option never saves our credentials to the hard disk of the computer; it only stores them in the OS cache. For security reasons, we can also set the timeout attribute, which will only temporarily remember our passwords:

git config credential.helper ‘cache ==timeout=3600’

Another type is STORE. This time, our login details are saved on disk. Importantly, this file is not encrypted in any way, and the only protection is to restrict access to the file for the user who created it:

git config credential.helper store

There is also another type, the so-called custom helpers. Here, we can use 3rd party services or create our own way of storing credentials. Of course, this configuration method is more complicated and requires more knowledge, but it allows you to significantly increase the level of security.

Differences compared to git clone SSH

Now, let’s compare the pros and cons of using HTTPS in comparison to the SSH protocol. In short, SSH, or Secure Shell, is a communication protocol used to connect securely to a remote server and uses a pair of keys to establish a connection. Generating and managing SSH keys is essential for secure authentication with remote repositories. SSH keys are used for secure authentication with remote repositories. You can learn more about creating a private key pair and using it in working with repositories here: How to clone using SSH in Git?

All the popular hosting services used to work with Git allow us to use both HTTPS and SSH, so here we have a draw. The main difference, however, is the level of security. While HTTPS is encrypted and gives us a high level of security, SSH goes a step further and forces us to create a private key pair and provide a public key to the website to establish a connection. This increases the level of control over access to repositories. The advantage here is definitely on the SSH side.

On the other hand, let’s analyze the setup time and the convenience of use. Here, HTTPS has the advantage, because it is enough to perform the clone operation with the appropriate address, enter the login/password, and it’s ready. It also works well behind most firewalls and proxies. Setting up SSH requires us to first create a key pair and secondly add it to the right place. Using the SSH URL to clone remote repositories may not be difficult or very time-consuming, but it is certainly easier to clone with HTTPS, especially for someone just entering the IT world.

HTTPSSSH
https://github.com/USER/REPO_NAME.git[email protected]:USER/REPO_NAME.git
GitHub credentials: user + passwordprivate key on local + public key on GitHub
DevOps Backup Academy

Git supports SSH, Git, HTTP, and HTTPS; the Git protocol is unauthenticated and runs on port 9418. The SSH form shown above is an alternative scp-like syntax, where USER/REPO_NAME.git is the path to repo.git.

Git clone with HTTPS – conclusion

This is the default method of cloning on the most popular platforms, such as GitHub or GitLab. We do not need any special configuration. All we need is an account, authorization with a login & password, and GitHub personal access tokens.

Of course, when it comes to security, we start to notice some problems resulting from the use of this protocol, but the convenience and ease of use are its great advantages. The risk of losing the login and password is quite high, so it is worth taking steps to increase security, e.g., using two-step password authentication.

And, of course, as always, it is also worth backing up our repositories regularly in case a hacker takes over our passwords and personal access token, and removes or encrypts all our code in order to receive a ransom.

[FREE TRIAL] Ensure compliant DevOps backup and recovery with a 14-day trial 🚀

[CUSTOM DEMO] Let’s talk about how backup & DR software for DevOps can help you mitigate the risks

Frequently Asked Questions

What is the git clone command?

Git clone is the Git command used to clone a repository from a repository URL into a local copy. If you need to clone an existing repo, you should use the following command:

git clone <REPOSITORY_ADDRESS>

Thus, you will get a copy of the existing repository to work on and make changes, and cloning also sets up remote branch heads as remote-tracking references for the remote repository. If the source is a local path on the local filesystem, Git can clone directly from local storage. It can also create a bare repository when you need a repository without a working directory or checked-out files.

However, you shouldn’t forget that git clone can’t be a substitute for a backup. The goal of a reliable backup solution is to automate the backup of your critical DevOps data. This includes repositories and all the related metadata to ensure that all the data is recoverable in any event of a disaster, like a service outage, system failure, data loss, or corruption.

Is git clone secure?

Whether you use HTTPS or SSH protocols, git clone is indeed secure. Both these protocols provide encryption during the data transfer. However, SSH additionally requires authentication through the SSH key pair. While cloning from a trusted source, you can use HTTPS, yet SSH is considered to be the more secure of the two.

Also, it’s worth bearing in mind that ‘git://’ on its own does not provide encryption and, therefore, puts your data at risk of hackers exploiting it. Similarly, cloning on a public or insecure network leaves your data vulnerable unless you have HTTPS or SSH protocol in place.

Can you clone from a private repo?

Yes, it is possible to clone from a private repo. Yet, to do so using the repository URL or remote URL of a private repo over HTTPS, you will need to go through the authentication process – provide either the username and password or a PAT (Personal Access Token). As for the SSH clone of a private repository, you won’t need to enter your credentials every single time. Many SSH users rely on ssh-agent to avoid re-entering them repeatedly.

How to set https in git?

To start off, you need to make sure that your repo URL uses HTTPS. You can do it through: 

git remote set-url origin https://github.comg/user/repo.git 

To simplify the authentication process, you can use Git’s credential helper with ‘git config –global credential. helper store’, which will save your credentials forever. Alternatively, you can use ‘cache’ for temporary storage. 

However, keep in mind that if you use GitHub, you need a Personal Access Token instead of your password for GitHub.

How to clone GitLab via HTTPS?

You should begin by copying the repo’s HTTPS URL from GitLab and inputting the following command (it will replace the URL with your repo’s URL):

git clone https://gitlab.com/username/repo.git 

If you have a private repo, you will be required to enter your GitLab username and PAT, instead of a password.ord. 

How to clone code from GitHub to GitLab?

Start by cloning the GitHub repo to your local machine. After that, you should create a new GitLab repo and add it as a remote within your local repo by using ‘git remote add gitlab https://gitlab.com/user/repo.git’. Once it is done, you will need to push your code to the relevant GitLab branch through ‘git push gitlab master’. 

Alternatively, if you want to protect and migrate your data from GitHub to GitLab, you can use backup and DR software, GitProtect.io. In this case, you will have not only a local copy of a cloned repository, but you will also get a complete backup of your entire GitHub account with all the repositories and related metadata. Thus, in case of a disaster, or just the necessity of migrating data between platforms, you can use GitProtect.io’s cross-over recovery to restore your backup from GitHub to GitLab.

What are some common mistakes when using the cloning command line?

Beginners often encounter errors during git repository cloning. Here are some common ones and how to solve them:

  • Git repository not found. Check the URL or remote URL carefully, including the path to repo.git when applicable, or confirm you have access rights to a private repository. Make sure Git is properly installed and its executable is added to your system’s PATH environment variable.
  • Authentication failed. Make sure you are using a valid personal access token and correct account password.
  • SSL certificate errors. Check your system’s SSL configuration or temporarily disable strict certificate checks (not recommended for production).
  • Connection issues. Verify your internet connection and firewall settings. Problems can also come from the remote server or blocked access to remote repos.
  • Not enough disk space to clone the repository. Go through your local filesystem and see what you can delete to free up space on your disk in order to fit the new repository.

What is a Git shallow clone?

A shallow clone is a way of cloning a Git repository with a truncated commit history. Instead of downloading the entire history, it only fetches a limited number of recent commits, which saves bandwidth and disk space. This is especially useful in CI/CD pipelines or when working with large monorepos. Instead of compressing objects, shallow cloning skips older objects entirely, keeping only the most recent ones. If you need more history later, run git fetch to deepen the clone.

What is a mirror repository?

A mirror repository is a complete copy of another Git repo, including all branches, tags, and remote references, preserving all refs from the original. Mirror repos are typically used for backups, migrations, or maintaining a read-only copy that can be replicated and kept in sync. They also configure the target repository with a refspec so that running git remote update will update all refs to match the source repository.

Before you go:

✍️ Subscribe to GitProtect DevSecOps X-Ray Newsletter and always stay up-to-date with the latest DevOps and security insights.

👀 Discover what the options are to clone a Git repository and why it gives you more control over what you do.

🔎 Check out what the difference is between Git backup and Git clone, and why the latter can’t substitute Git backup.

📚 Find out how to clone using SSH in Git and why it is a good option for security reasons.

📅 Schedule a live custom demo and learn more about GitProtect backups for your DevOps data protection.

📌 Or try GitProtect backups for your DevOps tools to eliminate data loss and ensure workflow continuity.

The article was originally published on August 9th, 2021

Comments are closed.

You may also like