Is there a way to cache GitHub credentials for pushing commits

Question

I recently switched to synchronizing my repositories to https    on GitHub  due to firewall issues   and it asks for a password every time   Is there a way to cache the credentials  instead of authenticating every time that git push

User · Answer

OAuth

You can create your own personal API token (OAuth) and use it the same way as you would use your normal credentials (at: /settings/tokens). For example:

git remote add fork https://[email protected]/foo/bar
git push fork

`.netrc`

Another method is to configure your user/password in ~/.netrc (_netrc on Windows), e.g.

machine github.com
login USERNAME
password PASSWORD

For HTTPS, add the extra line:

protocol https

A credential helper

To cache your GitHub password in Git when using HTTPS, you can use a credential helper to tell Git to remember your GitHub username and password every time it talks to GitHub.

Mac: git config --global credential.helper osxkeychain (osxkeychain helper is required),
Windows: git config --global credential.helper wincred
Linux and other: git config --global credential.helper cache

User · Answer

I know this is not a secure solution  but sometimes you need just a simple solution - without installing anything else  And since helper   store did not work for me  I created a dummy helper   Create a script and put it in your users bin folder  here named credfake  this script will provide your username and your password      bin bash while read line do   echo   line  done  lt    dev stdin  echo username mahuser echo password MahSecret12345   make it executable   chmod u x  home mahuser bin credfake   then configure it in git   git config --global credential helper  home mahuser bin credfake    or use it without --global for the one repo only   and - voil   - git will use this user   password

User · Answer

If you don t want to store your password in plaintext like Mark said  you can use a different GitHub URL for fetching than you do for pushing  In your configuration file  under  remote  origin     url   git   github com you projectName git pushurl   git github com you projectName git   It will still ask for a password when you push  but not when you fetch  at least for open source projects

User · Answer

TLDR  Use an encrypted netrc file with Git 1 8 3      Saving a password for a Git repository HTTPS URL is possible with a    netrc  Unix  or  HOME   netrc  note the    on Windows   But  That file would store your password in plain text   Solution  Encrypt that file with GPG  GNU Privacy Guard   and make Git decrypt it each time it needs a password  for push pull fetch clone operation      Note  with Git 2 18  Q2 2018   you now can customize the GPG used to decrypt the encrypted  netrc file   See commit 786ef50  commit f07eeed  12 May 2018  by Luis Marsano        Merged by Junio C Hamano -- gitster -- in commit 017b7c5  30 May 2018        git-credential-netrc  accept gpg option      git-credential-netrc was hardcoded to decrypt with  gpg  regardless of   the gpg program option    This is a problem on distributions like Debian that call modern GnuPG something else  like  gpg2      Step-by-Step instructions for Windows  With Windows    Git has a gpg exe in its distribution  but using a full GPG installation includes a gpg-agent exe  which will memorize your passphrase associated to your GPG key     Install gpg4Win Lite  the minimum gnupg command-line interface  take the most recent gpg4win-vanilla-2 X Y-betaZZ exe   and complete your PATH with the GPG installation directory   set PATH  PATH  C  path to gpg copy C  path to gpg gpg2 exe C  path to gpg gpg exe     Note the  copy  command  Git will need a Bash script to execute the command  gpg   Since gpg4win-vanilla-2 comes with gpg2 exe  you need to duplicate it     Create or import a GPG key  and trust it   gpgp --import aKey   or gpg --gen-key     Make sure to put a passphrase to that key     Trust that key Install the credential helper script in a directory within your  PATH    cd c  a fodler in your path curl -o c  prgs bin git-credential-netrc https   raw githubusercontent com git git master contrib credential netrc git-credential-netrc perl     Beware  the script is renamed in Git 2 25 x 2 26  see below    Yes  this is a Bash script  but it will work on Windows since it will be called by Git     Make a  netrc file in clear text  machine a server corp com login a login password a password protocol https  machine a server2 corp com login a login2 password a password2 protocol https     Don t forget the  protocol  part   http  or  https  depending on the URL you will use     Encrypt that file   gpg -e -r a recipient  netrc     You now can delete the  netrc file  keeping only the  netrc gpg encrypted one     Use that encrypted file   git config --local credential helper  netrc -f C  path to  netrc gpg -v      Note the      C  path to    wouldn t work at all    You can use at first -v -d to see what is going on    From now on  any Git command using an HTTP S  URL which requires authentication will decrypt that  netrc gpg file and use the login password associated to the server you are contacting  The first time  GPG will ask you for the passphrase of your GPG key  to decrypt the file  The other times  the gpg-agent launched automatically by the first GPG call will provide that passphrase for you   That way  you can memorize several URLs logins passwords in one file  and have it stored on your disk encrypted   I find it more convenient than a  cache  helper   where you need to remember and type  once per session  a different password for each of your remote services  for said password to be cached in memory     With Git 2 26  Q1 2020   the sample credential helper for using  netrc has been updated to work out of the box   See patch discussion   See commit 6579d93  commit 1c78c78  20 Dec 2019  by Denton Liu  Denton-L    Merged by Junio C Hamano -- gitster -- in commit 1fd27f8  25 Dec 2019        contrib credential netrc  make PERL PATH configurable      Signed-off-by  Denton Liu      The shebang path for the Perl interpreter in git-credential-netrc was hardcoded    However  some users may have it located at a different location and thus  would have had to manually edit the script       Add a  perl prefix to the script to denote it as a template and ignore the generated version    Augment the Makefile so that it generates git-credential-netrc from git-credential-netrc perl  just like other Perl scripts       The Makefile recipes were shamelessly stolen from contrib mw-to-git Makefile    And   With 2 26  Q1 2020   Sample credential helper for using  netrc has been updated to work out of the box   See commit 6579d93  commit 1c78c78  20 Dec 2019  by Denton Liu  Denton-L    Merged by Junio C Hamano -- gitster -- in commit 1fd27f8  25 Dec 2019        contrib credential netrc  work outside a repo      Signed-off-by  Denton Liu      Currently  git-credential-netrc does not work outside of a git repository  It fails with the following error   fatal  Not a git repository    at  usr share perl5 Git pm line 214        There is no real reason why need to be within a repository  though  Credential helpers should be able to work just fine outside the repository as well       Call the non-self version of config   so that git-credential-netrc no longer needs to be run within a repository    Jeff King  peff  adds      I assume you re using a gpg-encrypted netrc  if not  you should probably   just use credential-store     For  read-only  password access  I find the combination of pass with config like this is a bit nicer    credential  https   github com     username   peff   helper     f     test  1   get  amp  amp  echo password  pass github oauth      f

User · Answer

You also edit the bashrc file and add a script in it   This would ask for your password once when you start Git and then remembers it until you log off   SSH ENV  HOME  ssh environment      Start the ssh-agent function start agent       echo  Initializing new SSH agent            Spawn ssh-agent      usr bin ssh-agent   sed  s  echo  echo    gt     SSH ENV       echo succeeded     chmod 600    SSH ENV            SSH ENV    gt   dev null      usr bin ssh-add      if   -f    SSH ENV      then           SSH ENV    gt   dev null    ps -ef   grep   SSH AGENT PID    grep ssh-agent   gt   dev null            start agent      else     start agent  fi

User · Answer

After you clone repository repo  you can edit repo  git config and add some configuration like below    user      name   you name     password   you password  credential      helper   store   Then you won t be asked for username and password again

User · Answer

Things are a little different if you re using two-factor authentication as I am  Since I didn t find a good answer elsewhere  I ll stick one here so that maybe I can find it later   If you re using two-factor authentication  then specifying username password won t even work - you get access denied  But you can use an application access token and use Git s credential helper to cache that for you  Here are the pertinent links    Setting up the command-line to work with 2-factor auth  search for section titled  How does it work for command-line Git    Credential caching   And I don t remember where I saw this  but when you re asked for your username - that s where you stick the application access token  Then leave the password blank  It worked on my Mac

User · Answer

Use a credential store   For Git 2 11  on OS nbsp X and Linux  use Git s built in credential store   git config --global credential helper libsecret   For msysgit 1 7 9  on Windows   git config --global credential helper wincred     For Git 1 7 9  on OS nbsp X use   git config --global credential helper osxkeychain

User · Answer

With Git version 1 7 9 and later Since Git 1 7 9  released in late January 2012   there is a neat mechanism in Git to avoid having to type your password all the time for HTTP   HTTPS  called credential helpers   Thanks to dazonic for pointing out this new feature in the comments below   With Git 1 7 9 or later  you can just use one of the following credential helpers  git config --global credential helper cache      which tells Git to keep your password cached in memory for  by default  15 minutes  You can set a longer timeout with  git config --global credential helper  quot cache --timeout 3600 quot    That example was suggested in the GitHub help page for Linux   You can also store your credentials permanently if so desired  see the other answers below  GitHub s help also suggests that if you re on Mac OS X and used Homebrew to install Git  you can use the native Mac  OS  X keystore with  git config --global credential helper osxkeychain  For Windows  there is a helper called Git Credential Manager for Windows or wincred in msysgit  git config --global credential helper wincred   obsolete  With Git for Windows 2 7 3   March 2016   git config --global credential helper manager  For Linux  you would use  in 2011  gnome-keyring or other keyring implementation such as KWallet   Nowadays  2020   that would be  on Linux  Fedora sudo dnf install git-credential-libsecret git config --global credential helper  usr libexec git-core git-credential-libsecret  Ubuntu sudo apt-get install libsecret-1-0 libsecret-1-dev cd  usr share doc git contrib credential libsecret sudo make git config --global credential helper  usr share doc git contrib credential libsecret git-credential-libsecret   With Git versions before 1 7 9 With versions of Git before 1 7 9  this more secure option is not available  and you ll need to change the URL that your origin remote uses to include the password in this fashion  https   you password github com you example git      in other words with  password after the username and before the    You can set a new URL for your origin remote with  git config remote origin url https   you password github com you example git  Make sure that you use https  and you should be aware that if you do this  your GitHub password will be stored in plaintext in your  git directory  which is obviously undesirable  With any Git version  well  since version 0 99  An alternative approach is to put your username and password in your    netrc file  although  as with keeping the password in the remote URL  this means that your password will be stored on the disk in plain text and is thus less secure and not recommended  However  if you want to take this approach  add the following line to your    netrc  machine  lt hostname gt  login  lt username gt  password  lt password gt       replacing  lt hostname gt  with the server s hostname  and  lt username gt  and  lt password gt  with your username and password  Also remember to set restrictive file system permissions on that file  chmod 600    netrc  Note that on Windows  this file should be called  netrc  and you may need to define the  HOME  environment variable - for more details see   Git - How to use  netrc file on Windows to save user and password

User · Answer

If you are using osxkeychain and had a token expire and want to update it  follow these steps   Run in terminal  then press enter twice   git credential-osxkeychain erase  host github com  protocol https   Now you should be prompted for a username password  However sometimes it seems this does not  take  and you have to keep re-entering   If so  restart your computer  Now the next time you run a git command and enter your username password  it will be saved

User · Answer

You can also have Git store your credentials permanently using the following   git config credential helper store   Note  While this is convenient  Git will store your credentials in clear text in a local file   git-credentials  under your project directory  see below for the  home  directory   If you don t like this  delete this file and switch to using the cache option   If you want Git to resume to asking you for credentials every time it needs to connect to the remote repository  you can run this command   git config --unset credential helper   To store the passwords in  git-credentials in your  HOME  directory as opposed to the project directory  use the --global flag  git config --global credential helper store

User · Answer

For Windows you can use the Git Credential Manager  GCM  plugin  It is currently maintained by Microsoft  The nice thing is that it saves the password in the Windows Credential Store  not as plain text   There is an installer on the releases page of the project  This will also install the official version of Git for Windows with the credential manager built-in  It allows two-factor authentication for GitHub  and other servers   And has a graphical interface for initially logging in   For Cygwin users  or users already using the official Git for Windows   you might prefer the manual install  Download the zip package from the releases page  Extract the package  and then run the install cmd file  This will install to your   bin folder   Be sure your   bin directory is in your PATH   You then configure it using this command   git config --global credential helper manager   Git will then run the git-credential-manager exe when authenticating to any server

User · Answer

It wasn t immediately obvious to me that I needed to download the helper first  I found the credential helper download at Atlassian s Permanently authenticating with Git repositories   Quote   Follow these steps if you want to use Git with credential caching on OS nbsp X   Download the binary git-credential-osxkeychain   Run the command below to ensure the binary is executable   chmod a x git-credential-osxkeychain   Put it in the directory  usr local bin   Run the command below   git config --global credential helper osxkeychain

User · Answer

Usually you have a remote URL  something like this   git remote -v  origin    https   gitlab com username Repo git  fetch  origin    https   gitlab com username Repo git  push    If you want to skip username and password while using git push  try this    git remote set-url origin https   username password gitlab com username Repo git   I ve just added the same URL  with user details including password  to origin   NOTE  It doesn t work if username is an email Id   git remote -v  origin    https   username password gitlab com username Repo git  fetch  origin    https   username password gitlab com username Repo git  push

User · Answer

You can just use   git config credential helper store   When you enter password next time with pull or push  it will be stored in file  git-credentials as plain text  a bit unsecure  but just put it into a protected folder    And that s it  as stated on this page   git-credential-store

User · Answer

Simply include the login credentials as part of the URL   git remote rm origin git remote add origin https   username mypassword github com path to repo git   Note  I do not recommend this method  but if you are in rush and nothing else works  you can use this method

User · Answer

There s an easy  old-fashioned way to store user credentials in an HTTPS URL   https   user password github com       You can change the URL with git remote set-url  lt remote-repo gt   lt URL gt   The obvious downside to that approach is that you have to store the password in plain text  You can still just enter the user name  https   user github com      which will at least save you half the hassle   You might prefer to switch to SSH or to use the GitHub client software

User · Answer

This works for me I m using Windows 10  git config --global credential helper wincred

User · Answer

An authentication token should be used instead of the account password  Go to GitHub settings applications and then create a personal access token  The token can be used the same way a password is used   The token is intended to allow users not use the account password for project work  Only use the password when doing administration work  like creating new tokens or revoke old tokens     Instead of a token or password that grants a user whole access to a GitHub account  a project specific deployment key can be used to grant access to a single project repository  A Git project can be configured to use this different key in the following steps when you still can access other Git accounts or projects with your normal credential    Write an SSH configuration file that contains the Host  IdentityFile for the deployment key  maybe the UserKnownHostsFile  and maybe the User  though I think you don t need it   Write an SSH wrapper shell script that virtually is ssh -F  path to your config    Prepend GIT SSH  path to your wrapper in front of your normal Git command  Here the git remote  origin  must use the git github com user project git format

User · Answer

On a GNU Linux setup  a    netrc works quite well too     cat    netrc machine github com login lot105 password howsyafather   It might depend on which network libraries Git is using for HTTPS transport

User · Answer

I got my answer from gitcredentials 7  Manual Page  For my case  I don t have credential-cache in my Windows installation  I use credential-store   After I use credential-store  the username password are stored in  user folder   git-credentials file  To remove the username password  just delete the content of the file

User · Answer

The composer documentation mentions that you can prevent it from using the GitHub API  so that it acts like git clone      If you set the no-api key to true on a GitHub repository it will clone the repository as it would with any other Git repository instead of using the GitHub API  But unlike using the git driver directly  composer will still attempt to use GitHub s zip files    So the section would look like this    repositories                    type    vcs            no-api   true           url    https   github com your repo             Keep in mind that the API is there for a reason  So it this should be a method of last resort regarding the increased load on github com

User · Answer

You can use credential helpers   git config --global credential helper  cache --timeout x    where x is the number of seconds

User · Answer

It is better to use credentials for security  but you can keep it for some time using the cache   git config --global credential helper cache git config credential helper  cache --timeout 3600    Your credentials will be saved for 3600 seconds

[git] Is there a way to cache GitHub credentials for pushing commits?

OAuth

`.netrc`

A credential helper

Examples related to git

Examples related to authentication

Examples related to github

Examples related to git-push

Examples related to git-config