This change allows specifying a token to be used for retrieving configuration files and queries from external repositories. This is useful if the repositories containing these files are private. It also has the side-effect of fixing the fact that external queries were not usable at all on GitHub Enterprise Server; they will now work automatically for public repositories and allow you to provide a token for private repositories.

I'm not completely convinced about the name of the configuration option so I'm very happy to hear suggestions about that (or obviously anything else about the implementation).

I've played around with the Git authentication logic a fair bit, and I think I've got something that works reasonably. I tried using the Git extraheader option to authenticate but I'm a bit concerned that by base-64 encoding the token before using it in a command we risk it being leaked by it not being redacted correctly all the time. Another option is to use a credential helper, which has the advantage of being able to pass credentials in environment variables instead of on the command line, but I'm not sure this would work cross-platform very well. I think another alternative would be to write the clone URL with credentials directly to .git/config, but that gets a bit complicated as we then need to be able to parse the gitconfig file format.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Confirm the readme has been updated if necessary.