Store credentials in git

Each time we run a pull or push command, git prompts for a username and a passphrase. A legacy but not safe way to tell git to store them is by running:

git config --global credential.helper store

However, this is not recommended, since it stores credentials in a plain text file[1].

Store credentials in memory

A much safer behavior is to cache the credentials in memory[2] during a limited time:

git config credential.helper 'cache --timeout=3600'

This command configures git to store credentials during one hour (can be changed by setting a different value for –timeout).

Store credentials with libsecret

Another way to store credentials in a safe manner uses libsecret[3], a GNOME library designed for storing passphrases or other secrets. As far as I know, there are no binaries provided by Ubuntu to use with git. However, the git package[4] contains the source code for such a helper. It requires installing the following libraries:

sudo apt install build-essential libsecret-1-0 libsecret-1-dev

Then we can compile the source:

sudo make --directory=/usr/share/doc/git/contrib/credential/libsecret

Using sudo is required because we compile sources in a subdirectory of /usr owned by the system. This will create a binary, so we can tell git to use it:

git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret

With the default settings, you should type your username and passphrase only once per login session.

Other methods

Other methods exist for Windows[5] or using pass[6]. See the references below.

References

  1. git-credential-store ↩︎

  2. git-credential-cache ↩︎

  3. Libsecret ↩︎

  4. File list of the Ubuntu git package ↩︎

  5. git-credential-cache for Windows ↩︎

  6. Safely storing git credentials ↩︎