发表新帖
发表新帖

Git http - securely remember credentials

前端 未结
关注
5 2093
既然无缘
既然无缘 2020-11-28 03:45

Is there a way to securely let git remember my credentials when connecting to remote repositories over HTTP(S)?

I\'ve tried the core.askpass approach d

相关标签:
5条回答
  • 深忆病人
    2020-11-28 03:49

    Since (I think) git version 1.7.8, from 2 December 20111), git supports so called credentials helpers.

    See gitcredentials(7) manpage for details
    (This manpage also decribes where core.askpass fits into this).

    The default git installation includes two helpers:

    • cache: See git-credential-cache(1) for details.

      Cache credentials in memory for a short period of time. The stored credentials never touch the disk, and are forgotten after a configurable timeout. Note that it is Unix-only solution, as it uses socket to communicate with daemon.

    • store: See git-credential-store(1) for details.

      Store credentials indefinitely on disk. The file will have its filesystem permissions set to prevent other users on the system from reading it, but will not be encrypted or otherwise protected. The same security as .netrc solution in Eddie response

    There are some third-party credential helpers for storing username and password in KDEWallet (KDE), in GNOME Keyring, in Windows Credential Store (this is now integrated in Git for Windows), in MacOS X Keychain, etc.

    Footnotes:

    1) The Set Up Git GitHub Help page mentions that

    You need git 1.7.10 or newer to use the credential helper

    0 讨论(0)
  • 轻奢々
    2020-11-28 03:51

    This might work for you... http://samuel.kadolph.com/2011/03/store-your-git-https-passwords-in-your-os-x-keychain/

    0 讨论(0)
  • 温柔的废话
    2020-11-28 04:00

    git invokes cURL when running over HTTP. You can store secure credentials by setting up a .netrc file in your user's home directory, and making it private to the user (0600 in Linux).

    The contents of the file provide the username and password per remote domain.

    machine myRemoteServer
login myUserName
password s3cret

    See https://stackoverflow.com/questions/3947530/git-push-fatal-failed/7177690#7177690 for full server side configuration, which can easily include calls to your ldap server.

    0 讨论(0)
  • 说谎
    2020-11-28 04:02

    Since git 1.8.3 (May, 2013), you now can specify an encrypted .netrc for git to use:

    A new read-only credential helper (in contrib/credential/netrc/) to interact with the .netrc/.authinfo files has been added.

    That script would allow you to use gpg-encrypted netrc files, avoiding the issue of having your credentials stored in a plain text file.

    -f|--file AUTHFILE
specify netrc-style files.

    Files with the .gpg extension will be decrypted by GPG before parsing.
    Multiple -f arguments are OK. They are processed in order, and the first matching entry found is returned via the credential helper protocol (see below).

    When no -f option is given, .authinfo.gpg, .netrc.gpg, .authinfo, and .netrc files in your home directory are used in this order.

    To enable this credential helper:

    git config credential.helper '$shortname -f AUTHFILE1 -f AUTHFILE2'

    (Note that Git will prepend "git-credential-" to the helper name and look for it in the path.)

    See a complete step-by-step example at:
    "Is there a way to skip password typing when using https://github.com".

    0 讨论(0)
  • 失恋的感觉
    2020-11-28 04:08

    Secure option is to use regular SSH with public/private key pair.

    0 讨论(0)
 看不清?
提交回复
热议问题