It probably does allow that. Though I personally dislike the idea of there being hard-coded credentials (either injected into the environment or provided as part of the repo) out there that effectively do not expire. I really like the idea of the ephemeral credentials. And as far as I know, it does not provide ephemeral SSH keys (which would be awesome).
Regardless, I think that side-steps the fundamental question and that's my fault for focusing too much on my motivating example (e.g., CI).
How would SwiftPM resolve the same package using multiple protocols?
- Developer A uses Git over HTTPS and a
~/.netrc file for authentication.
- Developer B uses Git over SSH and a
~/.ssh/id_rsa file for authentication.
As far as I can tell,
Package.swift file encodes the protocol therefore SwiftPM can only support one transport protocol at a time. Meaning that one of those 2 developers has to abandon their workflow.
Is that worth-while addressing? To me it is. The fact that Git itself provides a protocol agnostic option in the submodule configuration possibly implies that they also felt it worth addressing.
Then again, maybe this takes the project to being too closely dependent on Git.