Don't save credentials in repo

I’m importing files from a webdav:
dvc import-url webdavs://host/remote.php/dav/files/username/path/to/file --fs-config user=username password=password
The problem is, dvc then adds the credentials to .dvc file

Is there a way to prevent that?

Hey there
After going through your query it sounds like you’re encountering a security concern by inadvertently saving credentials in your repository. When importing files from a webdav using dvc, ensure that credentials aren’t stored in the .dvc file for security reasons. You might want to explore alternative authentication methods or encrypting the credentials to mitigate this risk.

Hi, you can setup a webdav remote in dvc, and use it to import.

See WebDAV.

For example, you can setup remote with a name (eg: myremote) as follows:

dvc remote add -d myremote \

You can similarly set user and password as follows:

dvc remote modify myremote user username
dvc remote modify --local myremote password password123

Please refer to the above link for more options.

After that, you can import using remote://<remote_name> and then add relative path to the url you added as a remote (eg: in above case).

For downloading, host/remote.php/dav/files/username/path/to/file, it’ll look as follows:

dvc import-url remote://myremote/path/to/file
1 Like

Big thanks, couldn’t find that in the docs.

Also, do you know if it’s possible to use env variables for credentials without running dvc remote modify?