Where is this username / password stored?

Question

I basically have the folder structure like this:

Is it safe to share the folder (Optimate) or will it compromise the push username/password I have stored for this repository?

Answer 1

It looks as though you've stored the username and password as part of the bitbucket repository path in .hg/hgrc's [paths] section. Since you said you deleted the .hg directory in the version you're sharing, it won't be a problem, as the hgrc file is gone now.

However, for other situations you might want to put your username and password in an [auth] section in your mercurial.ini (or global hgrc) instead of in each bitbucket path. Your [paths] section of some repository's hgrc would look like this:

[paths]
default = https://bitbucket.org/myusername/myreponame

While your global config would have this section, telling it to use the specified username and password with any bitbucket urls:

[auth]
bb.prefix = bitbucket.org
bb.username = myusername
bb.password = mypassword
bb.schemes = https

Be aware that the keyring extension suggested by Lucero is more secure, as it stores the password securely rather than in plaintext. I purposely leave mine plaintext since it is work-related. If something should happen to me, somebody else should be able to take over as admin.

Answer 2

It probably does compromise it, since the repo-specific information is stored in the .hg\hgrc file.

You may want to enable and use the keyring exstension though, which solves this issue by saving credentials outside of the repositories.