I'm using envbuilder 0.2.9 and allowing my users to set the branch portion of the GIT_URL (by using a parameter in the #refs/heads/${data.coder_parameter.repo_branch.value} value) in new workspaces via the form parameters. This works, but when the repo gets cloned the credentials I set to GIT_USERNAME and GIT_PASSWORD for envbuilder to be able to pull the repo are written to .git/config (as explained in the readme ) which then overrides any token refreshing as the config takes priority over GIT_ASKPASS.

As a workaround I am just clearing this via a startup script, but this seems to be a bug.