Skip to main content
Code Storage supports standard Git operations over HTTPS. You can use any Git client with JWT-authenticated remote URLs.

Authentication format

Git commands use HTTP Basic Auth with a JWT-backed remote. The format is consistent across every repository:
  • Username: Always t (for “token”)
  • Password: Your JWT token
  • Repository: Must match the repo claim in your JWT
Example: 
git clone https://t:eyJhbGciOiJSUzI1NiI...@your-name.code.storage/repo-id.git
The SDK and dashboard mint these URLs for you, but you can also construct them manually once you have a JWT. If authentication fails, confirm that:
  • The JWT repo claim matches the repository ID you are cloning or pushing.
  • The token includes the scopes required for the command (git:read, git:write, or repo:write).
  • The token has not expired (exp claim) and is signed by an active key (kid).

Supported commands

Every command uses the same remote syntax and JWT authentication scheme.

Read operations (git:read)

git clone https://t:JWT@your-name.code.storage/repo-id.git
git fetch origin
git pull origin main

Write operations (git:write)

git push origin main
git push --tags
git push --force   # If branch protection is disabled
The SDK’s repo.getRemoteURL() helper generates the JWT-backed URL for you. You can also mint JWTs manually through the authentication flow described in Core Concepts. Once you have the URL, Git behaves exactly the way it does against any other HTTPS remote.

Integration patterns

Use scoped JWTs to differentiate between automation, developers, and product-level access. Short TTLs keep CI credentials disposable, while longer-lived tokens can be issued to developer machines or preview environments.

CI/CD pipeline

// Generate short-lived token for CI
const token = await repo.getRemoteURL({
  permissions: ['git:read', 'git:write'],
  ttl: 3600, // 1 hour
});

// Use in CI script
await exec(`git clone ${token}`);
await exec('pnpm test');
await exec('git push origin main');

Development environment

// Generate long-lived token for development
const devUrl = await repo.getRemoteURL({
  permissions: ['git:read', 'git:write'],
  ttl: 2592000, // 30 days
});

console.log(`Add to .git/config: ${devUrl}`);
When in doubt, mint tokens via the SDK—its helpers manage scope validation and URL formatting for you.