I recently switched to synchronizing my repositories to https:// on GitHub (due to firewall issues), and it asks for a password every time.
Is there a way to cache the credentials, instead of authenticating every time that git push?
This question is related to
git
authentication
github
git-push
git-config
Use a credential store.
For Git 2.11+ on OS X and Linux, use Git's built in credential store:
git config --global credential.helper libsecret
For msysgit 1.7.9+ on Windows:
git config --global credential.helper wincred
For Git 1.7.9+ on OS X use:
git config --global credential.helper osxkeychain
Usually you have a remote URL, something like this,
git remote -v
origin https://gitlab.com/username/Repo.git (fetch)
origin https://gitlab.com/username/Repo.git (push)
If you want to skip username and password while using git push, try this:
git remote set-url origin https://username:[email protected]/username/Repo.git
I've just added the same URL (with user details including password) to origin.
NOTE: It doesn't work if username is an email Id.
git remote -v
origin https://username:[email protected]/username/Repo.git (fetch)
origin https://username:[email protected]/username/Repo.git (push)
You can just use
git config credential.helper store
When you enter password next time with pull or push, it will be stored in file .git-credentials as plain text (a bit unsecure, but just put it into a protected folder).
And that's it, as stated on this page:
There's an easy, old-fashioned way to store user credentials in an HTTPS URL:
https://user:[email protected]/...
You can change the URL with git remote set-url <remote-repo> <URL>
The obvious downside to that approach is that you have to store the password in plain text. You can still just enter the user name (https://[email protected]/...) which will at least save you half the hassle.
You might prefer to switch to SSH or to use the GitHub client software.
I got my answer from gitcredentials(7) Manual Page. For my case, I don't have credential-cache in my Windows installation; I use credential-store.
After I use credential-store, the username/password are stored in [user folder]/.git-credentials file. To remove the username/password, just delete the content of the file.
The composer documentation mentions that you can prevent it from using the GitHub API, so that it acts like git clone:
If you set the
no-apikey totrueon a GitHub repository it will clone the repository as it would with any other Git repository instead of using the GitHub API. But unlike using thegitdriver directly, composer will still attempt to use GitHub's zip files.
So the section would look like this:
"repositories": [
{
"type": "vcs",
"no-api": true,
"url": "https://github.com/your/repo"
}
],
Keep in mind that the API is there for a reason. So it this should be a method of last resort regarding the increased load on github.com.
Things are a little different if you're using two-factor authentication as I am. Since I didn't find a good answer elsewhere, I'll stick one here so that maybe I can find it later.
If you're using two-factor authentication, then specifying username/password won't even work - you get access denied. But you can use an application access token and use Git's credential helper to cache that for you. Here are the pertinent links:
And I don't remember where I saw this, but when you're asked for your username - that's where you stick the application access token. Then leave the password blank. It worked on my Mac.
You can use credential helpers.
git config --global credential.helper 'cache --timeout=x'
where x is the number of seconds.
On a GNU/Linux setup, a ~/.netrc works quite well too:
$ cat ~/.netrc
machine github.com login lot105 password howsyafather
It might depend on which network libraries Git is using for HTTPS transport.
If you don't want to store your password in plaintext like Mark said, you can use a different GitHub URL for fetching than you do for pushing. In your configuration file, under [remote "origin"]:
url = git://github.com/you/projectName.git
pushurl = [email protected]:you/projectName.git
It will still ask for a password when you push, but not when you fetch, at least for open source projects.
This works for me I'm using Windows 10
git config --global credential.helper wincred
If you are using osxkeychain and had a token expire and want to update it, follow these steps:
Run in terminal, then press enter twice.
git credential-osxkeychain erase
host=github.com
protocol=https
Now you should be prompted for a username/password. However sometimes it seems this does not 'take' and you have to keep re-entering.
If so, restart your computer. Now the next time you run a git command and enter your username/password, it will be saved.
Simply include the login credentials as part of the URL:
git remote rm origin
git remote add origin https://username:[email protected]/path/to/repo.git
Note: I do not recommend this method, but if you are in rush and nothing else works, you can use this method.
I know this is not a secure solution, but sometimes you need just a simple solution - without installing anything else. And since helper = store did not work for me, I created a dummy helper:
Create a script and put it in your users bin folder, here named credfake, this script will provide your username and your password:
#!/bin/bash
while read line
do
echo "$line"
done < "/dev/stdin"
echo username=mahuser
echo password=MahSecret12345
make it executable:
chmod u+x /home/mahuser/bin/credfake
then configure it in git:
git config --global credential.helper /home/mahuser/bin/credfake
(or use it without --global for the one repo only)
and - voilá - git will use this user + password.
An authentication token should be used instead of the account password. Go to GitHub settings/applications and then create a personal access token. The token can be used the same way a password is used.
The token is intended to allow users not use the account password for project work. Only use the password when doing administration work, like creating new tokens or revoke old tokens.
Instead of a token or password that grants a user whole access to a GitHub account, a project specific deployment key can be used to grant access to a single project repository. A Git project can be configured to use this different key in the following steps when you still can access other Git accounts or projects with your normal credential:
Host, IdentityFile for the deployment key, maybe the UserKnownHostsFile, and maybe the User (though I think you don't need it).ssh -F /path/to/your/config $*GIT_SSH=/path/to/your/wrapper in front of your normal Git command. Here the git remote (origin) must use the [email protected]:user/project.git format.It is better to use credentials for security, but you can keep it for some time using the cache:
git config --global credential.helper cache
git config credential.helper 'cache --timeout=3600'
Your credentials will be saved for 3600 seconds.
You can create your own personal API token (OAuth) and use it the same way as you would use your normal credentials (at: /settings/tokens). For example:
git remote add fork https://[email protected]/foo/bar
git push fork
.netrcAnother method is to configure your user/password in ~/.netrc (_netrc on Windows), e.g.
machine github.com
login USERNAME
password PASSWORD
For HTTPS, add the extra line:
protocol https
To cache your GitHub password in Git when using HTTPS, you can use a credential helper to tell Git to remember your GitHub username and password every time it talks to GitHub.
git config --global credential.helper osxkeychain (osxkeychain helper is required),git config --global credential.helper wincredgit config --global credential.helper cacheRelated:
It wasn't immediately obvious to me that I needed to download the helper first! I found the credential.helper download at Atlassian's Permanently authenticating with Git repositories.
Quote:
Follow these steps if you want to use Git with credential caching on OS X:
Download the binary git-credential-osxkeychain.
Run the command below to ensure the binary is executable:
chmod a+x git-credential-osxkeychain
Put it in the directory /usr/local/bin.
Run the command below:
git config --global credential.helper osxkeychain
For Windows you can use the Git Credential Manager (GCM) plugin. It is currently maintained by Microsoft. The nice thing is that it saves the password in the Windows Credential Store, not as plain text.
There is an installer on the releases page of the project. This will also install the official version of Git for Windows with the credential manager built-in. It allows two-factor authentication for GitHub (and other servers). And has a graphical interface for initially logging in.
For Cygwin users (or users already using the official Git for Windows), you might prefer the manual install. Download the zip package from the releases page. Extract the package, and then run the install.cmd file. This will install to your ~/bin folder. (Be sure your ~/bin directory is in your PATH.) You then configure it using this command:
git config --global credential.helper manager
Git will then run the git-credential-manager.exe when authenticating to any server.
After you clone repository repo, you can edit repo/.git/config and add some configuration like below:
[user]
name = you_name
password = you_password
[credential]
helper = store
Then you won't be asked for username and password again.
You also edit the bashrc file and add a script in it.
This would ask for your password once when you start Git and then remembers it until you log off.
SSH_ENV=$HOME/.ssh/environment
# Start the ssh-agent
function start_agent {
echo "Initializing new SSH agent..."
# Spawn ssh-agent
/usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
echo succeeded
chmod 600 "${SSH_ENV}"
. "${SSH_ENV}" > /dev/null
/usr/bin/ssh-add
}
if [ -f "${SSH_ENV}" ]; then
. "${SSH_ENV}" > /dev/null
ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
start_agent;
}
else
start_agent;
fi
You can also have Git store your credentials permanently using the following:
git config credential.helper store
Note: While this is convenient, Git will store your credentials in clear text in a local file (.git-credentials) under your project directory (see below for the "home" directory). If you don't like this, delete this file and switch to using the cache option.
If you want Git to resume to asking you for credentials every time it needs to connect to the remote repository, you can run this command:
git config --unset credential.helper
To store the passwords in .git-credentials in your %HOME% directory as opposed to the project directory: use the --global flag
git config --global credential.helper store
Saving a password for a Git repository HTTPS URL is possible with a ~/.netrc (Unix) or %HOME%/_netrc (note the _) on Windows.
But: That file would store your password in plain text.
Solution: Encrypt that file with GPG (GNU Privacy Guard), and make Git decrypt it each time it needs a password (for push/pull/fetch/clone operation).
Note: with Git 2.18 (Q2 2018), you now can customize the GPG used to decrypt the encrypted .netrc file.
See commit 786ef50, commit f07eeed (12 May 2018) by Luis Marsano (``).
(Merged by Junio C Hamano -- gitster -- in commit 017b7c5, 30 May 2018)
git-credential-netrc: acceptgpgoption
git-credential-netrcwas hardcoded to decrypt with 'gpg' regardless of the gpg.program option.
This is a problem on distributions like Debian that call modern GnuPG something else, like 'gpg2'
With Windows:
(Git has a gpg.exe in its distribution, but using a full GPG installation includes a gpg-agent.exe, which will memorize your passphrase associated to your GPG key.)
Install gpg4Win Lite, the minimum gnupg command-line interface (take the most recent gpg4win-vanilla-2.X.Y-betaZZ.exe), and complete your PATH with the GPG installation directory:
set PATH=%PATH%:C:\path\to\gpg
copy C:\path\to\gpg\gpg2.exe C:\path\to\gpg\gpg.exe
(Note the 'copy' command: Git will need a Bash script to execute the command 'gpg'. Since gpg4win-vanilla-2 comes with gpg2.exe, you need to duplicate it.)
Create or import a GPG key, and trust it:
gpgp --import aKey
# or
gpg --gen-key
(Make sure to put a passphrase to that key.)
Install the credential helper script in a directory within your %PATH%:
cd c:\a\fodler\in\your\path
curl -o c:\prgs\bin\git-credential-netrc https://raw.githubusercontent.com/git/git/master/contrib/credential/netrc/git-credential-netrc.perl
(Beware: the script is renamed in Git 2.25.x/2.26, see below)
(Yes, this is a Bash script, but it will work on Windows since it will be called by Git.)
Make a _netrc file in clear text
machine a_server.corp.com
login a_login
password a_password
protocol https
machine a_server2.corp.com
login a_login2
password a_password2
protocol https
(Don't forget the 'protocol' part: 'http' or 'https' depending on the URL you will use.)
Encrypt that file:
gpg -e -r a_recipient _netrc
(You now can delete the _netrc file, keeping only the _netrc.gpg encrypted one.)
Use that encrypted file:
git config --local credential.helper "netrc -f C:/path/to/_netrc.gpg -v"
(Note the '/': C:\path\to... wouldn't work at all.) (You can use at first -v -d to see what is going on.)
From now on, any Git command using an HTTP(S) URL which requires authentication will decrypt that _netrc.gpg file and use the login/password associated to the server you are contacting.
The first time, GPG will ask you for the passphrase of your GPG key, to decrypt the file.
The other times, the gpg-agent launched automatically by the first GPG call will provide that passphrase for you.
That way, you can memorize several URLs/logins/passwords in one file, and have it stored on your disk encrypted.
I find it more convenient than a "cache" helper", where you need to remember and type (once per session) a different password for each of your remote services, for said password to be cached in memory.
With Git 2.26 (Q1 2020), the sample credential helper for using .netrc has been updated to work out of the box. See patch/discussion.
See commit 6579d93, commit 1c78c78 (20 Dec 2019) by Denton Liu (Denton-L).
(Merged by Junio C Hamano -- gitster -- in commit 1fd27f8, 25 Dec 2019)
contrib/credential/netrc: makePERL_PATHconfigurableSigned-off-by: Denton Liu
The shebang path for the Perl interpreter in
git-credential-netrcwas hardcoded.
However, some users may have it located at a different location and thus, would have had to manually edit the script.Add a
.perlprefix to the script to denote it as a template and ignore the generated version.
Augment theMakefileso that it generatesgit-credential-netrcfromgit-credential-netrc.perl, just like other Perl scripts.The Makefile recipes were shamelessly stolen from
contrib/mw-to-git/Makefile.
And:
With 2.26 (Q1 2020), Sample credential helper for using .netrc has been updated to work out of the box.
See commit 6579d93, commit 1c78c78 (20 Dec 2019) by Denton Liu (Denton-L).
(Merged by Junio C Hamano -- gitster -- in commit 1fd27f8, 25 Dec 2019)
contrib/credential/netrc: work outside a repoSigned-off-by: Denton Liu
Currently,
git-credential-netrcdoes not work outside of a git repository. It fails with the following error:fatal: Not a git repository: . at /usr/share/perl5/Git.pm line 214.There is no real reason why need to be within a repository, though. Credential helpers should be able to work just fine outside the repository as well.
Call the non-self version of
config()so thatgit-credential-netrcno longer needs to be run within a repository.
Jeff King (peff) adds:
I assume you're using a gpg-encrypted
netrc(if not, you should probably just usecredential-store).
For "read-only" password access, I find the combination ofpasswith config like this is a bit nicer:[credential "https://github.com"] username = peff helper = "!f() { test $1 = get && echo password=`pass github/oauth`; }; f"
Source: Stackoverflow.com