The plain text file format used by a helper like git-credential-store is formatted as https://username:password@host. When the username is itself an email address (e.g., when authenticating with a GitLab Personal Access Token), the additional @ character collides with the standard delimiter separating the credentials from the target host.
Because the parser is naive, it fails to disambiguate the username's @ from the host's delimiter. Consequently, credential lookups fail silently, and Git reverts to prompting for a password even when ~/.git-credentials is populated correctly.
Resolutions
- Percent-encode the username: Encode the
@in the email address as%40(e.g.,samuel.adams%40docebo.com) within the store. - Use GitLab Deploy Tokens: Where applicable, use a Deploy Token instead of a PAT tied to an email identity. Deploy token usernames are auto-generated opaque strings without specialty characters, avoiding the delimiter issue entirely. They are also narrower in scope (project-level,
read_repositoryonly) and distinctively revocable, conforming to the principle of least privilege.