Storing Git Credentials with Git Credential Helper
When using git commands via Terminal, Git will sometimes need credentials from the user in order to perform operations; for example, it may need to ask for a username and password in order to access a remote repository over HTTP/HTTPS.
“gitcredentials” module is used to request these credentials from the user as well as stores these credentials to avoid inputting these credentials repeatedly.
Git Credentials Avoiding Repetition
Inputting the same credentials over and over can be a frustrating experience for the user.
Git provides two methods to reduce this annoyance:
- Static configuration of usernames for a given authentication context.
- Credential helpers to cache or store passwords, or to interact with a system password wallet or keychain.
Git Credentials Helper
By default git credentials are not cached at all.
Every connection will prompt you for your username and password.
Git credentials helper can be configured in one of the following modes to remember the user credentials,
- cache
- store
- osxkeychain
- manager
Git Credentials Helper: cache
Cache credentials in memory for a short period of time.
None of the passwords are ever stored on disk, and they are purged from the cache after 15 minutes (default cache timeout).
Execute the following command in a terminal to configure the git credential helper in cache mode,
git config --global credential.helper cache
We can increase the cache timeout using the following command,
git config --global credential.helper "cache --timeout=3600"
Refer to the following documentation for further details git credentials cache.
Git Credentials Helper: store
Store credentials indefinitely on disk.
Execute the following command in a terminal to configure the git credential helper in store mode,
git config --global credential.helper store
By default, the git credentials in the “store” mode will be stored in the
“.git-credentials” file in the user’s home directory (~/.git-credentials)
In Windows the path is C:\Users\<username>\.git-credentials
In Mac and Linux the path is /Users/<username>/.git-credentials
It is also possible to specify the file to store the credentials using the following command,
git config --global credential.helper "store --file ~/.my-credentials"
The .git-credentials file stores password in plain text format.
Each credential is stored on its own line as a URL like:
https://<url_encoded_plain_text_username>:<url_encoded_plain_text_password>@github.com
The domain can be any git provider, example: @github.com, @gitlab.com, etc.
In case if you have enabled two factor authentication for your git repository then the password would be the “personal access token”.
Refer to my blog on the steps to authenticate to git repository after enabling two factor authentication.
Refer to the following documentation for further details on git credentials store.
Git Credentials Helper: osxkeychain
If you’re using a Mac, Git comes with an “osxkeychain” mode, which caches credentials in the secure keychain that’s attached to your system account.
This method stores the credentials on disk, and they never expire, but they’re encrypted with the same system that stores HTTPS certificates and Safari auto-fills.
Execute the following command in a terminal to configure the git credential helper with osxkeychain,
git config --global credential.helper osxkeychain
Git Credentials Helper: manager
In Windows, Git comes with a “manager” mode, which stores the git credentials in the Git Credential Manager for Windows (GCM).
Execute the following command in a terminal to configure the git credential helper with gcm,
git config --global credential.helper manager
Refer to the following documentations for further details git credentials manager.
Check Git Credential Helper Mode Configured
We can check the git credentials helped mode configured by viewing the “.gitconfig” file in the user’s home directory (~/.gitconfig)
For example, if the git credential helper is set to “cache” mode with “timeout of 3600s” the “.gitconfig” file will have an entry like below indicating it,
[credential]
helper = cache --timeout=3600
Hope you enjoyed and got some basic understanding of how git works and stores credentials.
Will meet you on the next blog on setting up multiple github (github.com) accounts to seamlessly work with Terminal.
Thank you for reading!
Cheers!!!