Menu
I've been looking for a good encrypted git credential helper for Linux (something that can store passwords in an encrypted way, and retrieve them later, conforming to the git-credential protocol), and I'm really surprised that not much seems to be turning up.
In all of the git docs and related git-credential documentation I've seen, they don't even mention the existence of such a thing. It always mentions osxkeychain for Mac, but then if you're running Linux it just redirects you to the doc that explains how to use "cache" as a helper. Some of the references mention Microsoft's git credential manager to use for Windows. But nothing for Linux.
Using cache seems like a semi-okay solution if you use actual passwords. Not terrible, but far from ideal. But if you're using Personal Access Tokens (which you have to use if you want to maintain 2 Factor security on the account for your repo), then that's a no-go. Having to type in one of those randomly-generated PAT's once in a while, no matter how infrequent, is a really bad idea. You can't realistically memorize them, and storing them somewhere in plain text is a security compromise. (Also, what if you want to automate some git operations? Not going to work.)
So--what is the solution here? If it exists for both Windows and Mac, I'm sure there is at least one good option for Linux, probably many. I've heard you can do it with Gnome, for instance. But if you don't have Gnome, what should you do? I've heard that Microsoft's manager for Windows may run under Linux, but haven't tried it yet. Is that the only option out there? Is there an open source option?
787
If you're using Windows, macOS, or Linux, you can install a helper called “Git Credential Manager”. This uses platform-native data stores to control sensitive information.
Git Credential Manager (GCM) is a secure Git credential helper built on . NET that runs on Windows, macOS, and Linux.
Credential helpers are programs executed by Git to fetch or save credentials from and to long-term storage (where "long-term" is simply longer than a single Git process; e.g., credentials may be stored in-memory for a few minutes, or indefinitely on disk).
If you're cloning GitHub repositories using HTTPS, you can use a credential helper to tell Git to remember your GitHub username and password every time it talks to GitHub. Turn on the credential helper so that Git will save your password in memory for some time. By default, Git will cache your password for 15 minutes.
This is what we have in git sources: https://github.com/git/git/tree/master/contrib/credential
So you can use gnome-keyring (deprecated), libsecret or gpg-encrypted .netrc.
libsecret could be used with any Linux distribution without GNOME, I believe.
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret
See https://stackoverflow.com/a/40312117/7976758.
This is how to use gpg-encrypted .netrc: https://stackoverflow.com/a/18362082/7976758.
177
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
