Menu
I use the Git on my workplace and company policy doesn't allow me to store passwords in unsecure way. Is there any better option than using git config credential.helper store for storing password to the Git server?
P.S. Can't use key-authentication as it's not allowed on our server.
821
In short, don't store your secrets in Git! This applies to both secrets that are hardcoded into your application (such as putting the database password directly in the source code, which should be avoided at any cost), as well as keeping configuration files with secrets alongside your source code (such as .
If you move your private key to each of your computers that use pass, then you can just pull your pass repo from github and use the private key stored on those computers individually. Now they'll all stay synced and safe.
If you're cloning GitHub repositories using HTTPS, you can use a credential helper to tell Git to remember your GitHub username and password every time it talks to GitHub. Turn on the credential helper so that Git will save your password in memory for some time. By default, Git will cache your password for 15 minutes.
Git Credential Manager (GCM) is a secure Git credential helper built on . NET that runs on Windows, macOS, and Linux.
git config credential.helper store is not very secure; as it said in documentation:
Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions
The ~/.git-credentials file will have its filesystem permissions set to prevent other users on the system from reading it, but will not be encrypted or otherwise protected.
So it stores your password as is. Git allows to use your keychain git config --global credential.helper osxkeychain for OSX, so it seems to be more secure. For Linux system you may use git config credential.helper cache, which stores passwords in your memory. Or you can write your own as it said in git help credentials:
You can write your own custom helpers to interface with any system in which you keep credentials. See the documentation for Git's credentials API for details
Besides, @VonC pointed to the cross-platform GPG-based solution. See also this question about .netrc file.
There is also gnome-keyring helper for Linux (thanks to @jazakmeister for advice)
104
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
