diff --git a/app/models/project_import_data.rb b/app/models/project_import_data.rb
index 2900b86d643..493c82a94fa 100644
--- a/app/models/project_import_data.rb
+++ b/app/models/project_import_data.rb
@@ -13,6 +13,7 @@ require 'file_size_validator'
 class ProjectImportData < ActiveRecord::Base
   belongs_to :project
   attr_encrypted :credentials, key: Gitlab::Application.secrets.db_key_base
+  serialize :credentials, JSON
 
   serialize :data, JSON
 
diff --git a/lib/gitlab/github_import/importer.rb b/lib/gitlab/github_import/importer.rb
index e2a85f29825..515fd4720d5 100644
--- a/lib/gitlab/github_import/importer.rb
+++ b/lib/gitlab/github_import/importer.rb
@@ -7,8 +7,7 @@ module Gitlab
 
       def initialize(project)
         @project = project
-        import_data = project.import_data.try(:data)
-        github_session = import_data["github_session"] if import_data
+        github_session = project.import_data.credentials if import_data
         @client = Client.new(github_session["github_access_token"])
         @formatter = Gitlab::ImportFormatter.new
       end
diff --git a/lib/gitlab/github_import/project_creator.rb b/lib/gitlab/github_import/project_creator.rb
index d6cab3c2d24..b5ed32e5b1e 100644
--- a/lib/gitlab/github_import/project_creator.rb
+++ b/lib/gitlab/github_import/project_creator.rb
@@ -32,8 +32,8 @@ module Gitlab
 
       def create_import_data(project)
         project.create_import_data(
-          credentials: session_data.delete(:github_access_token),
-          data: { "github_session" => session_data })
+          credentials: { github_access_token: session_data.delete(:github_access_token) },
+          data: { github_session: session_data })
       end
     end
   end
diff --git a/lib/gitlab/github_import/wiki_formatter.rb b/lib/gitlab/github_import/wiki_formatter.rb
index 6c592ff469c..8be82924107 100644
--- a/lib/gitlab/github_import/wiki_formatter.rb
+++ b/lib/gitlab/github_import/wiki_formatter.rb
@@ -12,7 +12,9 @@ module Gitlab
       end
 
       def import_url
-        project.import_url.sub(/\.git\z/, ".wiki.git")
+        import_url = Gitlab::ImportUrlExposer.expose(import_url: project.import_url,
+                                                     credentials: project.import_data.credentials)
+        import_url.sub(/\.git\z/, ".wiki.git")
       end
     end
   end
diff --git a/lib/gitlab/import_url_exposer.rb b/lib/gitlab/import_url_exposer.rb
new file mode 100644
index 00000000000..6b4af0bf265
--- /dev/null
+++ b/lib/gitlab/import_url_exposer.rb
@@ -0,0 +1,17 @@
+module Gitlab
+  # Exposes an import URL that includes the credentials unencrypted.
+  # Extracted to its own class to prevent unintended use.
+  module ImportUrlExposer
+    extend self
+
+    def expose(import_url:, credentials: )
+      import_url.sub("//", "//#{parsed_credentials(credentials)}@")
+    end
+
+    private
+
+    def parsed_credentials(credentials)
+      credentials.values.join(":")
+    end
+  end
+end
\ No newline at end of file