How to securely save git credentials?

Question

I've been recently looking for a solution on how to securely save git credentials in CentOS 7.

I want to save credentials for multiple git repositories.

The solution that I come up with is to use gnome-keyring with any version of git. but I was experiencing some issues with it. and I found many posts saying it's not a good a solution in Redhat 7 or Centos 7. and It will be deprecated.

git config --global credential.helper /usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyrin  

But this didn't work for me, an error when using git :

error communicating with gnome-keyring-daemon

then I upgraded git the last version 2.11+ to use libsecret which seems to be more easy to use.

I have done the same thing.

git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret

And this seems to work as expected. my Question is this is a good solution to securely save git credentials ? Do you know any other solution to save git credentials on a CentOS machine?

Answer 1

is this is a good solution to securely save git credentials ?

Yes, as I documented in "Error when using Git credential helper with gnome-keyring as Sudo".
libsecret implements XDG Secret Service API.

It is the current official library to use.

---

Update Git 2.15.x/2.16 (Q1 2018), where the credential helper for libsecret (in contrib/) has been improved to allow possibly prompting the end user to unlock secrets that are currently locked (otherwise the secrets may not be loaded).

See commit 9c109e9 (03 Nov 2017) by Dennis Kaarsemaker (seveas).
^{(Merged by Junio C Hamano -- gitster -- in commit 906329f, 09 Nov 2017)}

credential-libsecret: unlock locked secrets

Credentials exposed by the secret service DBUS interface may be locked.
Setting the SECRET_SEARCH_UNLOCK flag will make the secret service unlock these secrets, possibly prompting the user for credentials to do so.
Without this flag, the secret is simply not loaded.