Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Git http - securely remember credentials

Tags:

git

authentication

Is there a way to securely let git remember my credentials when connecting to remote repositories over HTTP(S)?

I've tried the core.askpass approach detailed in git-config to let an external script supply my credentials. Although it works great the username and password is still stored in plain text in the small shell script.

like image 421
Johan Sjöberg Avatar asked May 31 '11 18:05

Johan Sjöberg

People also ask

How do I get git to stop asking for password?

You can avoid being prompted for your password by configuring Git to cache your credentials for you. Once you've configured credential caching, Git automatically uses your cached personal access token when you pull or push a repository using HTTPS.

Is there a way to cache HTTPS credentials for pushing commits?

To cache your GitHub password in Git when using HTTPS, you can use a credential helper to tell Git to remember your GitHub username and password every time it talks to GitHub.

2 Answers

git invokes cURL when running over HTTP. You can store secure credentials by setting up a .netrc file in your user's home directory, and making it private to the user (0600 in Linux).

The contents of the file provide the username and password per remote domain.

machine myRemoteServer login myUserName password s3cret

See https://stackoverflow.com/questions/3947530/git-push-fatal-failed/7177690#7177690 for full server side configuration, which can easily include calls to your ldap server.

like image 156
Eddie Avatar answered Sep 30 '22 02:09

Eddie

Since (I think) git version 1.7.8, from 2 December 20111), git supports so called credentials helpers.

See gitcredentials(7) manpage for details
(This manpage also decribes where core.askpass fits into this).

The default git installation includes two helpers:

  • cache: See git-credential-cache(1) for details.

    Cache credentials in memory for a short period of time. The stored credentials never touch the disk, and are forgotten after a configurable timeout. Note that it is Unix-only solution, as it uses socket to communicate with daemon.

  • store: See git-credential-store(1) for details.

    Store credentials indefinitely on disk. The file will have its filesystem permissions set to prevent other users on the system from reading it, but will not be encrypted or otherwise protected. The same security as .netrc solution in Eddie response

There are some third-party credential helpers for storing username and password in KDEWallet (KDE), in GNOME Keyring, in Windows Credential Store (this is now integrated in Git for Windows), in MacOS X Keychain, etc.

Footnotes:

1) The Set Up Git GitHub Help page mentions that

You need git 1.7.10 or newer to use the credential helper

like image 33
Jakub Narębski Avatar answered Sep 30 '22 02:09

Jakub Narębski
Sign in to Comment

Related questions

error: cannot lock ref.. 'refs/tags' exists; cannot create 'refs/tags/
Remove .pyc files from Git remote repository
error: src refspec master does not match any
Pull-Request for only certain files/commits
Sparse checkout in Git 1.7.0?
git rebase --continue won't work
What are the differences between `--squash` and `--no-ff --no-commit`?
Why can't a branch name contain the 'space' char?
Can't push to the heroku
Git - What is "Refspec"
What is the difference between Git Bash and the GitHub for Windows shell?
git rebase and git push: non-fast forward, why use?
Git: checking out a file from a previous commit and amending it to HEAD
Want to download a Git repository, what do I need (windows machine)?
Coloured Git diff to HTML
How to PR and merge again after reverting PR using Github Revert Button
A pretty and feature rich Git GUI for Linux [closed]
How to delete or change directory of a cloned git repository on a local computer
Git merge: accept theirs for multiple conflicts
Is there some way to work with git using .NET application? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!