Jenkins Git "fatal: could not read Username" - Fix Checkout Auth
Git tried to authenticate over HTTPS during checkout, found no credentials, and could not prompt interactively in CI - so it failed with "could not read Username". The job has no usable credential bound to the clone.
What this error means
Checkout fails with fatal: could not read Username for 'https://...': terminal prompts disabled (or Authentication failed). The repo URL is reachable, but no credential was supplied, so Git cannot proceed unattended.
fatal: could not read Username for 'https://github.com': terminal prompts disabled
ERROR: Error cloning remote repo 'origin'
hudson.plugins.git.GitException: Command "git fetch ..." returned status code 128Common causes
No credential bound to the checkout
The SCM/checkout config references an HTTPS URL but has no credentialsId, or the referenced credential was deleted, so Git has nothing to send.
Wrong credential type or expired token
A username/password credential holds an expired or revoked personal access token, or an SSH key is configured while the URL is HTTPS (mismatch).
How to fix it
Bind a valid credential in the checkout
Reference a stored Username/Password (or token) credential by ID in the SCM step.
checkout([$class: 'GitSCM',
userRemoteConfigs: [[
url: 'https://github.com/org/repo.git',
credentialsId: 'github-token'
]]
])Use the right credential type and refresh tokens
- For HTTPS, store a Username/Password credential with a current PAT as the password.
- For SSH, switch the URL to
git@host:org/repo.gitand bind an SSH key credential. - Rotate expired tokens in Manage Jenkins → Credentials and reference the new ID.
How to prevent it
- Always set
credentialsIdon HTTPS checkouts. - Match credential type to URL scheme (token for HTTPS, key for SSH).
- Rotate PATs before expiry and use folder-scoped credentials for least privilege.