Skip to content
Latchkey

curl -u / --user: Basic Authentication

-u sends basic auth, and how you pass the password decides how safe it is.

Basic auth is still common for registries, internal services, and some webhook endpoints. -u is the flag, with a couple of safer variants.

What it does

-u / --user <user>:<password> sends HTTP Basic authentication by base64-encoding the credentials into the Authorization header. If you give only the user and a colon, curl prompts for the password interactively (which fails in CI). You can also store credentials in a .netrc file and use -n / --netrc to avoid putting them on the command line.

Common usage

Terminal
curl -u "$USER:$PASS" https://api.example.com/x
curl -u "ci-bot:$TOKEN" https://registry.example.com/v2/_catalog
curl --netrc https://api.example.com/x        # read creds from ~/.netrc
curl --netrc-file ./ci-netrc https://api.example.com/x

Flags

FlagWhat it does
-u <user>:<pass>Send basic auth credentials
-u <user>User only; curl prompts for the password (breaks in CI)
-n / --netrcRead credentials from ~/.netrc
--netrc-file <f>Read credentials from a specific netrc file
--basicForce basic auth (the default scheme)

In CI

Avoid the user-only form on a runner: with no TTY, the password prompt fails or hangs. Pass full credentials from secrets, or use a netrc file written from secrets so the password never appears in the process list or shell history.

Common errors in CI

A hang or curl: (52) Empty reply can follow a -u user-only call waiting for a prompt that never comes. A 401 means the credentials are wrong or the endpoint expects bearer auth instead of basic; check the API docs.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →