Unable to secure repository

Hi, I’m running gitlab locally on my laptop using the gitlab/gitlab-ce:latest docker images - GitLab version 9.5.0

I’ve created a number of repositories, set their project visibility to Private and their Repository sharing to ‘only team members’.

At this point, I expect only authenticated users to be able to clone the repositories. However, I find I can both clone and push to these repositories, using the http url, from my laptop with no authentication challenge.

I haven’t added an ssh key - and this is with the http url anyway.
I haven’t added a user in gitlab that matches my default git user in my local shell.

I’m been pouring over it to figure out where I may have done something to cause it, but I’ve run out of ideas.

Anyone have any suggestions?

Ah found it.

At some point my root username/password for gitlab got into my OSX Keychain. With the osxkeychain credential helper installed it was authenticating the http requests for me.

Having deleted the entry from the keychain and flushed the credential-cache, it is now challenging me with username/password as expected.