
How secure is storing password with Git?

I use Git at my workplace, and company policy doesn't allow me to store passwords in an insecure way. Is there any better option than using git config credential.helper store for storing the password to the Git server?

P.S. Can't use key-authentication as it's not allowed on our server.

dk14 asked Jan 23 '15 06:01




1 Answer

git config credential.helper store is not very secure; as it says in the documentation:

Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions

The ~/.git-credentials file will have its filesystem permissions set to prevent other users on the system from reading it, but will not be encrypted or otherwise protected.

So it stores your password as is. Git allows you to use your keychain with git config --global credential.helper osxkeychain on OSX, so it seems to be more secure. For a Linux system you may use git config credential.helper cache, which stores passwords in your memory. Or you can write your own, as it says in git help credentials:

You can write your own custom helpers to interface with any system in which you keep credentials. See the documentation for Git's credentials API for details

Besides, @VonC pointed to the cross-platform GPG-based solution. See also this question about the .netrc file.

There is also a gnome-keyring helper for Linux (thanks to @jazakmeister for the advice).

dk14 answered Sep 20 '22 09:09
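
The custom-helper route mentioned in the answer, sketched as an added example that is not part of the original answer: a read-only helper that speaks Git's credential protocol and never writes a secret to disk. The function name `credential_helper` and the `SECRET_LOOKUP_CMD` hook are hypothetical; the hook stands in for whatever secret store you are allowed to use.

```shell
#!/bin/sh
# Added example: a read-only Git credential helper (not from the answer above).
# Git runs a helper as "<helper> get|store|erase" and writes key=value lines
# (protocol, host, username, ...) to its stdin, terminated by a blank line.
# For "get", the helper prints username=/password= lines on stdout.
#
# Assumption: SECRET_LOOKUP_CMD names a command (hypothetical hook) that prints
# the password for host "$1" and user "$2" from whatever secret store you use.

credential_helper() {
    op=$1
    protocol= host= username=

    # Parse the request Git sends; unknown keys are ignored.
    while IFS= read -r line; do
        [ -z "$line" ] && break
        case ${line%%=*} in
            protocol) protocol=${line#*=} ;;
            host)     host=${line#*=} ;;
            username) username=${line#*=} ;;
        esac
    done

    # Ignore "store" and "erase" so this helper never writes a secret to disk.
    [ "$op" = "get" ] || return 0

    # Never hand a password to a cleartext transport.
    [ "$protocol" = "https" ] || return 0

    # The username comes from the remote URL or from credential.username.
    [ -n "$host" ] && [ -n "$username" ] || return 0

    # An empty or failed lookup prints nothing, so Git moves on to the next
    # helper or prompts the user.
    password=$("$SECRET_LOOKUP_CMD" "$host" "$username") || return 0
    [ -n "$password" ] || return 0

    printf 'username=%s\npassword=%s\n' "$username" "$password"
}

# Run as a helper only when Git passes an operation argument.
if [ "$#" -gt 0 ]; then
    credential_helper "$@"
fi
```

Save it as an executable script and point Git at it with git config --global credential.helper /absolute/path/to/script, with SECRET_LOOKUP_CMD exported in the environment Git runs in.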