Tawa provides private Git hosting via Forgejo at git.insureco.io. Push to deploy — no CI config needed.
tawa login authenticates both Bio-ID and Forgejo in a single flow:
tawa login
Create a repository with an auto-deploy webhook:
tawa git create my-service
Then add the remote and push:
git remote add origin https://git.insureco.io/insureco/my-service.git
git push -u origin main
That first push triggers the builder automatically — your service will be built, deployed, and live within minutes.
IMPORTANT: Always use HTTPS remote URLs (
https://git.insureco.io/...), not SSH. Thetawa loginflow configures the native git credential helper sogit pushworks seamlessly over HTTPS without prompting for credentials.
When you create a repo with tawa git create, the CLI registers a webhook on Forgejo that notifies the builder on every push to the default branch:
main (or master)NOTE: The webhook only fires on pushes to the default branch. Pushes to feature branches do not trigger a deploy.
| Method | How | Best for |
|---|---|---|
tawa login | OAuth2 flow → provisions Forgejo PAT → stores in git credential helper | Day-to-day development |
tawa git login <token> | Personal Access Token | CI/headless environments |
| Web SSO | Sign in to git.insureco.io via Bio-ID | Browsing repos |
tawa login Sets Up Git Credentialstawa login does three things in one flow:
git credential approve so that native git push, git pull, git clone over HTTPS work without any additional configurationAfter tawa login, plain git push just works. No SSH keys, no manual token management, no separate Forgejo login.
If git push fails with 401, 403, or "could not read Username":
tawa login
That's it. This reprovisisons a fresh Forgejo PAT and updates the git credential store. Native git commands will work immediately after.
WARNING: Do NOT work around auth failures by switching to SSH URLs or manually editing
~/.git-credentials. Just runtawa login— it fixes the root cause.
If you have saved credentials (~/.tawa/credentials), add --save to skip the interactive prompt:
tawa login --save
git.insureco.io → Settings → Applications → Generate New Tokentawa git login <token>
Or set the FORGEJO_TOKEN environment variable for CI systems.
Always use HTTPS remote URLs:
# Correct
git remote add origin https://git.insureco.io/insureco/my-service.git
# Wrong — don't use SSH
git remote add origin [email protected]:insureco/my-service.git
If an existing repo has an SSH remote, fix it:
git remote set-url origin https://git.insureco.io/insureco/my-service.git
| Feature | Forgejo (git.insureco.io) | GitHub |
|---|---|---|
| Auto-deploy on push | Yes — webhook on default branch push | No — use tawa deploy manually |
| SSO | Bio-ID (same identity as Tawa) | Separate authentication |
| Setup command | tawa git create <name> | tawa link |
TIP: If you want push-to-deploy without configuring CI, Forgejo is the simplest path. If your team already uses GitHub, use
tawa linkto connect the repo and deploy manually withtawa deploy.
| Command | Description |
|---|---|
tawa login | Full OAuth flow — authenticates Bio-ID and Forgejo, stores git credentials |
tawa login --save | Same as above, using saved credentials (non-interactive) |
tawa git create my-site | Create a repo on git.insureco.io with auto-deploy webhook |
tawa git login <token> | Authenticate with a Personal Access Token (CI/headless) |
tawa link | Link an existing GitHub repo to the builder |
tawa login --skip-git | Authenticate Bio-ID only, skip Forgejo |
Last updated: March 6, 2026