diff --git a/pkg/apis/resources/v1alpha2/register.go b/pkg/apis/resources/v1alpha2/register.go
index f5bb23f0c..717054f29 100644
--- a/pkg/apis/resources/v1alpha2/register.go
+++ b/pkg/apis/resources/v1alpha2/register.go
@@ -152,13 +152,11 @@ func addWebService(c *restful.Container) error {
 		Writes(errors.Error{}))
 
 	tags = []string{"Git"}
-	webservice.Route(webservice.POST("/namespaces/{namespace}/secrets/{secret}/gitreadverify").
+	webservice.Route(webservice.POST("/git/readverify").
 		To(
 			git.GitReadVerify).
 		Metadata(restfulspec.KeyOpenAPITags, tags).
 		Doc("secret git read verify").
-		Param(webservice.PathParameter("namespace", "secret's namespace")).
-		Param(webservice.PathParameter("secret", "secret's name")).
 		Reads(gitmodel.AuthInfo{}).
 		Writes(errors.Error{}),
 	)
diff --git a/pkg/apiserver/git/git.go b/pkg/apiserver/git/git.go
index 68a7d2e48..11c3270ec 100644
--- a/pkg/apiserver/git/git.go
+++ b/pkg/apiserver/git/git.go
@@ -14,13 +14,12 @@ func GitReadVerify(request *restful.Request, response *restful.Response) {
 
 	err := request.ReadEntity(&authInfo)
 	ns := request.PathParameter("namespace")
-	name := request.PathParameter("name")
 	if err != nil {
 		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
 		return
 	}
 
-	err = git.GitReadVerify(ns, name, authInfo)
+	err = git.GitReadVerify(ns, authInfo)
 
 	if err != nil {
 		response.WriteHeaderAndEntity(http.StatusInternalServerError, errors.Wrap(err))
diff --git a/pkg/models/git/git.go b/pkg/models/git/git.go
index ad5e0d90f..4abeddfec 100644
--- a/pkg/models/git/git.go
+++ b/pkg/models/git/git.go
@@ -11,34 +11,45 @@ import (
 )
 
 type AuthInfo struct {
-	RemoteUrl string `json:"remoteUrl"`
+	RemoteUrl string                  `json:"remoteUrl"`
+	SecretRef *corev1.SecretReference `json:"secretRef,omitempty"`
 }
 
-func GitReadVerify(namespace string, name string, authInfo AuthInfo) error {
-	secret, err := informers.SharedInformerFactory().Core().V1().Secrets().Lister().Secrets(namespace).Get(name)
-	if err != nil {
-		return err
-	}
-	username, ok := secret.Data[corev1.BasicAuthUsernameKey]
-	if !ok {
-		return fmt.Errorf("could not get username in secret %s", secret.Name)
-	}
-	password, ok := secret.Data[corev1.BasicAuthPasswordKey]
-	if !ok {
-		return fmt.Errorf("could not get password in secret %s", secret.Name)
+func GitReadVerify(namespace string, authInfo AuthInfo) error {
+	username := ""
+	password := ""
+	if authInfo.SecretRef != nil {
+		secret, err := informers.SharedInformerFactory().Core().V1().Secrets().Lister().
+			Secrets(authInfo.SecretRef.Namespace).Get(authInfo.SecretRef.Name)
+		if err != nil {
+			return err
+		}
+		usernameBytes, ok := secret.Data[corev1.BasicAuthUsernameKey]
+		if !ok {
+			return fmt.Errorf("could not get username in secret %s", secret.Name)
+		}
+		passwordBytes, ok := secret.Data[corev1.BasicAuthPasswordKey]
+		if !ok {
+			return fmt.Errorf("could not get password in secret %s", secret.Name)
+		}
+		username = string(usernameBytes)
+		password = string(passwordBytes)
 	}
 
+	return gitReadVerifyWithBasicAuth(string(username), string(password), authInfo.RemoteUrl)
+}
+
+func gitReadVerifyWithBasicAuth(username string, password string, remote string) error {
 	r, _ := git.Init(memory.NewStorage(), nil)
 
 	// Add a new remote, with the default fetch refspec
 	origin, err := r.CreateRemote(&config.RemoteConfig{
 		Name: git.DefaultRemoteName,
-		URLs: []string{authInfo.RemoteUrl},
+		URLs: []string{remote},
 	})
 	if err != nil {
 		return err
 	}
-	_, err = origin.List(&git.ListOptions{Auth:
-		&http.BasicAuth{Username: string(username), Password: string(password)}})
+	_, err = origin.List(&git.ListOptions{Auth: &http.BasicAuth{Username: string(username), Password: string(password)}})
 	return err
 }
diff --git a/pkg/models/git/git_test.go b/pkg/models/git/git_test.go
new file mode 100644
index 000000000..fdc0954bd
--- /dev/null
+++ b/pkg/models/git/git_test.go
@@ -0,0 +1,51 @@
+package git
+
+import (
+	"testing"
+)
+
+func TestGitReadVerifyWithBasicAuth(t *testing.T) {
+	shouldSuccess := []map[string]string{
+		{
+			"username": "",
+			"password": "",
+			"remote":   "https://github.com/kubesphere/kubesphere",
+		},
+	}
+	shouldFailed := []map[string]string{
+		{
+			"username": "",
+			"password": "",
+			"remote":   "https://github.com/kubesphere/kubesphere12222",
+		},
+		{
+			"username": "",
+			"password": "",
+			"remote":   "git@github.com:kubesphere/kubesphere.git",
+		},
+		{
+			"username": "runzexia",
+			"password": "",
+			"remote":   "git@github.com:kubesphere/kubesphere.git",
+		},
+		{
+			"username": "",
+			"password": "",
+			"remote":   "git@fdsfs41342`@@@2414!!!!github.com:kubesphere/kubesphere.git",
+		},
+	}
+	for _, item := range shouldSuccess {
+		err := gitReadVerifyWithBasicAuth(item["username"], item["password"], item["remote"])
+		if err != nil {
+
+			t.Errorf("should could access repo [%s] with %s:%s, %v", item["username"], item["password"], item["remote"], err)
+		}
+	}
+
+	for _, item := range shouldFailed {
+		err := gitReadVerifyWithBasicAuth(item["username"], item["password"], item["remote"])
+		if err == nil {
+			t.Errorf("should could access repo [%s] with %s:%s ", item["username"], item["password"], item["remote"])
+		}
+	}
+}