The UCSF GitHub Enterprise Program provides UCSF staff/affiliates with access to collaborative version control and source code management (Paid for by IT Governance Roadmap Funds). Source code control systems are essential for collaborative software development, enabling code reuse, management, and integrity. 

Source control is critical for supporting clinical systems and other operational software at UCSF. While public cloud-based source control platforms such as GitHub were once widely used at UCSF, code developed throughout UCSF can contain restricted information. A secured and validated source control system is now available to our information technology, clinical, and research communities.

Which GitHub should I choose for my team? 

Excellent question! This article should help. If not, let us know at [email protected] 

Do I really have to be on the VPN or on a UCSF campus network?

Yes. This is how we protect your data, by limiting access to it to only devices on the UCSF network.

I get that the service is behind a firewall, but why doesn't it look like the DNS for git.ucsf.edu is valid?

The DNS servers for many secure resources at UCSF are also behind the firewall.

I'm seeing a "site took too long to respond" error in my browser when I try to access git.ucsf.edu, why?

Sometimes, a computer will cache an incorrect DNS response and then keep trying to use it instead of the correct one. If you tried to go to git.ucsf.edu *before* signing in to the VPN, this might have happened. You might try to clear the DNS cache on your computer. Here’s a page that describes how to clear your DNS cache on all major computer platforms.

Chrome also caches DNS on its own. In Chrome, go to 'chrome://net-internals/dns#dns' and click on the 'Clear host cache' button to clear the DNS cache.

I'm getting an error when I enter my username and password for the GitHub CLI authentication, why is that?

GitHub CLI authentication errors occur because GitHub no longer accepts passwords for command-line operations. This change was implemented as a security measure to protect users' accounts and repositories.

Why did my Password Authentication Fail? 

• As of August 2021, GitHub discontinued password authentication for Git operations
• This affects both command line and desktop applications
• The change applies to all GitHub platforms (Cloud, Enterprise Cloud, and on-premises GitHub Enterprise)

Available Authentication Methods

1. SSH Keys:
   • Uses public/private key pair encryption
   • More secure than passwords
   • Requires initial setup but provides seamless authentication afterward
2. Personal Access Tokens (PATs):
   • Generated through GitHub's web interface
   • Can be scoped to specific permissions
   • Acts as a replacement for your password

Getting Started

To resolve your authentication error, visit GitHub's official documentation:

• For SSH setup: GitHub SSH Documentation
• For Personal Access Tokens: GitHub PAT Documentation

Best Practices

• Store credentials securely using your system's credential manager
• Never share authentication details in emails, chat messages, or version control
• Regularly review and rotate your tokens
• Use the minimum required scopes for your tasks

Troubleshooting Tips

If you still encounter issues:

• Verify your token hasn't expired
• Check that you have the correct permissions enabled
• Ensure you're using the latest version of GitHub CLI
• Clear existing credentials and retry authentication

Can I use GitHub Pages with our GitHub Enterprise servers?

Yes! See Pages for GitHub Enterprise (on-prem and cloud). On-prem is still behind the firewall, so you still need to be on VPN to access Pages sites for repositories in the on-prem instance (git.ucsf.edu). Also, while we do have a wildcard domain for git.ucsf.edu, it's against security policy to have a wildcard SSL certificate. So the documented domain features will not work 100% for your site. For more details about this, see Pages for GitHub Enterprise (on-prem and cloud).

I like the idea of version control, I'm just not sure I'm ready to share my code publicly with the world

We get it, and that's OK. You are in luck, because our GitHub Enterprise server is behind a firewall, so even if you create a repository with visibility set to "public" this only means "public within UCSF." And trust us, your colleagues are awesome. Even really messy code, or thought experiments, can benefit from collaboration. You can of course set your visibility to "private", just like on standard GitHub, so, if you really want to keep your repository a secret, you can do that. But, just remember, we'd like to see your work. 

How do I get help with GitHub Enterprise?

Sign up for our internal Slack channel #ucsf-github on UC Tech (uctech.slack.com). This channel provides support to UCSF GitHub Enterprise users.

You can also get support by emailing [email protected].