Open in app

Sign in

Write

Sign in

Storing Git Credentials with Git Credential Helper

Seralahthan
4 min readMar 21, 2021

When using git commands via Terminal, Git will sometimes need credentials from the user in order to perform operations; for example, it may need to ask for a username and password in order to access a remote repository over HTTP/HTTPS.

“gitcredentials” module is used to request these credentials from the user as well as stores these credentials to avoid inputting these credentials repeatedly.

Git Credentials Avoiding Repetition

Inputting the same credentials over and over can be a frustrating experience for the user.

Git provides two methods to reduce this annoyance:

  • Static configuration of usernames for a given authentication context.
  • Credential helpers to cache or store passwords, or to interact with a system password wallet or keychain.

Git Credentials Helper

By default git credentials are not cached at all.
Every connection will prompt you for your username and password.

Git credentials helper can be configured in one of the following modes to remember the user credentials,

  • cache
  • store
  • osxkeychain
  • manager

Git Credentials Helper: cache

Cache credentials in memory for a short period of time.

None of the passwords are ever stored on disk, and they are purged from the cache after 15 minutes (default cache timeout).

Execute the following command in a terminal to configure the git credential helper in cache mode,

git config --global credential.helper cache

We can increase the cache timeout using the following command,

git config --global credential.helper "cache --timeout=3600"

Refer to the following documentation for further details git credentials cache.

Git - git-credential-cache Documentation

git-credential-cache - Helper to temporarily store passwords in memory git config credential.helper 'cache [ ]' This…

git-scm.com

Git Credentials Helper: store

Store credentials indefinitely on disk.

Execute the following command in a terminal to configure the git credential helper in store mode,

git config --global credential.helper store

By default, the git credentials in the “store mode will be stored in the
“.git-credentials file in the user’s home directory (~/.git-credentials)

In Windows the path is C:\Users\<username>\.git-credentials
In Mac and Linux the path is /Users/<username>/.git-credentials

It is also possible to specify the file to store the credentials using the following command,

git config --global credential.helper "store --file ~/.my-credentials"

The .git-credentials file stores password in plain text format.
Each credential is stored on its own line as a URL like:

https://<url_encoded_plain_text_username>:<url_encoded_plain_text_password>@github.com

The domain can be any git provider, example: @github.com, @gitlab.com, etc.

In case if you have enabled two factor authentication for your git repository then the password would be the “personal access token”.

Refer to my blog on the steps to authenticate to git repository after enabling two factor authentication.

GitHub Authentication Failure when Clone, Fetch, Pull and Push

Have you ever came across this strange behaviour that even with the correct credentials you are not able to…

techexpertise.medium.com

Refer to the following documentation for further details on git credentials store.

Git - git-credential-store Documentation

If not set explicitly with --file, there are two files where git-credential-store will search for credentials in order…

git-scm.com

Git Credentials Helper: osxkeychain

If you’re using a Mac, Git comes with an “osxkeychain mode, which caches credentials in the secure keychain that’s attached to your system account.

This method stores the credentials on disk, and they never expire, but they’re encrypted with the same system that stores HTTPS certificates and Safari auto-fills.

Execute the following command in a terminal to configure the git credential helper with osxkeychain,

git config --global credential.helper osxkeychain

Git Credentials Helper: manager

In Windows, Git comes with a “manager mode, which stores the git credentials in the Git Credential Manager for Windows (GCM).

Execute the following command in a terminal to configure the git credential helper with gcm,

git config --global credential.helper manager

Refer to the following documentations for further details git credentials manager.

microsoft/Git-Credential-Manager-for-Windows

Git Credential Manager for Windows is no longer being maintained. The cross-platform Git Credential Manager Core (GCM…

github.com

microsoft/Git-Credential-Manager-Core

Branch Status master Git Credential Manager Core (GCM Core) is a secure Git credential helper built on .NET that runs…

github.com

Check Git Credential Helper Mode Configured

We can check the git credentials helped mode configured by viewing the “.gitconfig file in the user’s home directory (~/.gitconfig)

For example, if the git credential helper is set to “cache” mode with “timeout of 3600s” the “.gitconfig file will have an entry like below indicating it,

[credential]
 helper = cache --timeout=3600

Hope you enjoyed and got some basic understanding of how git works and stores credentials.

Will meet you on the next blog on setting up multiple github (github.com) accounts to seamlessly work with Terminal.

Thank you for reading!

Cheers!!!

Git
Git Credentials
Git Credentials Cache
Git Credentials Store
Git Credentials Keychain

--

--

Seralahthan

Written by Seralahthan

157 Followers

Consultant - Integration & CIAM | ATL@WSO2 | BScEng(Hons) in Computer Engineering | Interested in BigData, ML & AI

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams