Setting up private Go modules is not a pain, provided you don’t mind leaking a bit of information.

Let’s just read the modules reference and see if it mentions my use case: a private GitHub repository that I want to use as a module.

Luckily enough, the Private modules section describes the possible solutions and how to choose one by setting some environment variables.

Provided that I am fine with https://proxy.golang.org knowing which modules I want to download, how do I set up authentication so that I can get a module from a private GitHub repository?

The section Direct access to private modules describes this use case. For my github.com/edoput namespace I want to fall back to a direct connection using git to fetch the module’s code. This happens whenever the proxy returns a 404 or 410 HTTP status code, e.g. for my unpublished modules and private repositories.

But a direct connection still needs to authenticate against GitHub, because I want to be able to use all my repositories, not only my public ones.

Luckily, the section Passing credentials to private repositories describes just that. As the go tool fetches the repositories using git (or other VCS tools), you can either specify your token/password in their configuration or rely on the .netrc file having an entry for github.com.

At the end of the day it was super easy to set everything up. After creating a personal access token, you can paste it in the password field of your ~/.netrc file and it will be picked up by git.

machine github.com
  login edoardo.putti@gmail.com
  password {paste here an OAuth token with the repo scope}

The next step is remembering to set up the GOPRIVATE environment variable so that go will actually use those credentials when connecting directly to github.com.

$ GOPRIVATE=github.com/edoput go get github.com/edoput/super-secret-package

If you do not set the GOPRIVATE environment variable, go will talk to the module proxy, so you may leak the full module path to a third party.
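
To check which module paths a given GOPRIVATE value actually keeps away from the proxy, here is an added example (not code from the original post or from the go tool) that re-implements the prefix-glob matching the modules reference describes for GOPRIVATE. It assumes the default GOPROXY with no separate GONOPROXY setting; the function names matchesPrivate and sentToProxy and all sample paths except the first are made up for the illustration.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// matchesPrivate reports whether modPath is covered by a GOPRIVATE value:
// a comma-separated list of globs matched against whole leading path
// elements. Re-implemented here for illustration with path.Match.
func matchesPrivate(goprivate, modPath string) bool {
	elems := strings.Split(modPath, "/")
	for _, glob := range strings.Split(goprivate, ",") {
		// A glob with n elements is compared to the first n elements.
		n := strings.Count(glob, "/") + 1
		if glob == "" || len(elems) < n {
			continue
		}
		if ok, _ := path.Match(glob, strings.Join(elems[:n], "/")); ok {
			return true
		}
	}
	return false
}

// sentToProxy lists the module paths that are not private under goprivate
// and would therefore be requested from (and disclosed to) the proxy.
func sentToProxy(goprivate string, mods []string) []string {
	var leaked []string
	for _, m := range mods {
		if !matchesPrivate(goprivate, m) {
			leaked = append(leaked, m)
		}
	}
	return leaked
}

func main() {
	// Constructed sample paths; only the first one comes from the post.
	mods := []string{
		"github.com/edoput/super-secret-package",
		"github.com/edoput-fork/tool",
		"golang.org/x/mod",
	}
	fmt.Println("unset:", sentToProxy("", mods))
	fmt.Println("github.com/edoput:", sentToProxy("github.com/edoput", mods))
}
```

Note that the pattern github.com/edoput covers everything under that namespace but not a sibling such as github.com/edoput-fork, because matching is done on whole path elements.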