Is there a way to cache https credentials for pushing commits?

Since Git 1.7.9 (released 2012), there is a neat mechanism in Git to avoid having to type your password all the time for HTTP / HTTPS, called credential helpers.

You can just use one of the following credential helpers:

git config --global credential.helper cache

The credential.helper cache value tells Git to keep your password cached in memory for a particular amount of minutes. The default is 15 minutes, you can set a longer timeout with:

# Cache for 1 hour
git config --global credential.helper "cache --timeout=3600"
# Cache for 1 day
git config --global credential.helper "cache --timeout=86400"
# Cache for 1 week
git config --global credential.helper "cache --timeout=604800"

You can also store your credentials permanently if so desired, see the other answers below.

GitHub's help also suggests that if you're on Mac OS X and used Homebrew to install Git, you can use the native Mac OS X keystore with:

git config --global credential.helper osxkeychain

For Windows, there is a helper called Git Credential Manager for Windows or wincred in msysgit.

git config --global credential.helper wincred # obsolete

With Git for Windows 2.7.3+ (March 2016):

git config --global credential.helper manager

For Linux, you would use (in 2011) gnome-keyring(or other keyring implementation such as KWallet).

Nowadays (2020), that would be (on Linux)

Fedora

sudo dnf install git-credential-libsecret
git config --global credential.helper /usr/libexec/git-core/git-credential-libsecret

Ubuntu

sudo apt-get install libsecret-1-0 libsecret-1-dev
cd /usr/share/doc/git/contrib/credential/libsecret
sudo make
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret

• 81
  Don't store your password in plain text. As of Git 1.7.9 you can use credential helpers. git config --global credential.helper osxkeychain on OS X. For other OS see help.github.com/articles/set-up-git

  dazonic

  – dazonic

  2012年06月22日 07:29:39 +00:00

  Commented Jun 22, 2012 at 7:29
• 6
  FWIW, the osx keychain stuff is part of base GIT source code, it's not an exclusive component of Brew or MacPorts or whatever the flavor of the month is. And you don't even need to build git from scratch - just cd contrib/credential/osxkeychain/ and run make.

  synthesizerpatel

  – synthesizerpatel

  2013年04月09日 14:04:25 +00:00

  Commented Apr 9, 2013 at 14:04
• 13
  git config --global credential.helper cache doesn't work on windows: stackoverflow.com/questions/11693074/… use gitcredentialstore on Windows an be happy

  Sebastian J.

  – Sebastian J.

  2015年01月02日 15:35:51 +00:00

  Commented Jan 2, 2015 at 15:35
• 9
  Any way to set this timeout to infinity?

  sudo

  – sudo

  2015年08月10日 18:25:22 +00:00

  Commented Aug 10, 2015 at 18:25
• 4
  @Triynko That's why you don't type passwords on the command line. Any decent command-line tool which handles passwords either doesn't take them on the command line, or strongly discourages it. It's always recommended to provide credentials interactively. You run the command, it prompts Password: , and no other process sees what you enter. Anyone who uses passwords in shell commandlines deserves what they get. (Shows up in ps while the command is running, too.) But, those of us who don't freak out at the mere sight of a command prompt learned that way back in the 1990s.

  FeRD

  – FeRD

  2018年07月10日 12:26:55 +00:00

  Commented Jul 10, 2018 at 12:26

You can also have Git store your credentials permanently using git-credential-store as following:

git config credential.helper store

Note: While this is convenient, Git will store your credentials in clear text in a local file (.git-credentials) under your project directory (see below for the "home" directory). If you don't like this, delete this file and switch to using the cache option.

If you want Git to resume to asking you for credentials every time it needs to connect to the remote repository, you can run this command:

git config --unset credential.helper

To store the passwords in .git-credentials in your %HOME% directory as opposed to the project directory: use the --global flag

git config --global credential.helper store

• 7
  On Windows, you can download a helper utility configures things to store an encrypted version of your GIT password in the Windows Creditial Store, see confluence.atlassian.com/display/STASH/…

  Contango

  – Contango

  2013年01月22日 18:39:00 +00:00

  Commented Jan 22, 2013 at 18:39
• 80
  I found that I had to specify --global or it would try to store the settings in the current repository: git config --global credential.helper store

  Rag

  – Rag

  2013年05月15日 03:25:28 +00:00

  Commented May 15, 2013 at 3:25
• 6
  Why would do the cache instead of storing permanently? Sharing computers or something?

  Michael J. Calkins

  – Michael J. Calkins

  2013年08月24日 15:42:23 +00:00

  Commented Aug 24, 2013 at 15:42
• 2
  instead of storing maybe it would be better to just cache it at some long value for like a week or two, to figure out the maximum that it will allow use the largest values first, if you dont then you wont know if that value was accepted. I've successfully set the timeout to 99999 which is about 11 days, I'm not sure what the max is, but most programmers elect to align values on the byte (powers of 256) or metric boundary (powers of 10), metric is more likely for text-stored values. Use git config --global --get-all credential.helper to find out your current value(s).

  osirisgothra

  – osirisgothra

  2014年06月20日 11:58:24 +00:00

  Commented Jun 20, 2014 at 11:58
• 3
  @BrianGordon I'm using GIT 1.9.5 on Windows, and --global flag was redundant. Even without this flag, the credentials file was created in %USER_HOME% directory.

  jFrenetic

  – jFrenetic

  2015年08月18日 16:24:31 +00:00

  Commented Aug 18, 2015 at 16:24

TLDR; Use an encrypted netrc file with Git 1.8.3+.

Saving a password for a Git repository HTTPS URL is possible with a ~/.netrc (Unix) or %HOME%/_netrc (note the _) on Windows.

But: That file would store your password in plain text.

Solution: Encrypt that file with GPG (GNU Privacy Guard), and make Git decrypt it each time it needs a password (for push/pull/fetch/clone operation).

Note: with Git 2.18 (Q2 2018), you now can customize the GPG used to decrypt the encrypted .netrc file.

See commit 786ef50, commit f07eeed (12 May 2018) by Luis Marsano (``).
^{(Merged by Junio C Hamano -- gitster -- in commit 017b7c5, 30 May 2018)}

git-credential-netrc: accept gpg option

git-credential-netrc was hardcoded to decrypt with 'gpg' regardless of the gpg.program option.
This is a problem on distributions like Debian that call modern GnuPG something else, like 'gpg2'

Step-by-Step instructions for Windows

With Windows:

(Git has a gpg.exe in its distribution, but using a full GPG installation includes a gpg-agent.exe, which will memorize your passphrase associated to your GPG key.)

• Install gpg4Win Lite, the minimum gnupg command-line interface (take the most recent gpg4win-vanilla-2.X.Y-betaZZ.exe), and complete your PATH with the GPG installation directory:

   set PATH=%PATH%:C:\path\to\gpg
   copy C:\path\to\gpg\gpg2.exe C:\path\to\gpg\gpg.exe
  

(Note the 'copy' command: Git will need a Bash script to execute the command 'gpg'. Since gpg4win-vanilla-2 comes with gpg2.exe, you need to duplicate it.)

• Create or import a GPG key, and trust it:

   gpgp --import aKey
   # or
   gpg --gen-key
  

(Make sure to put a passphrase to that key.)

• Trust that key

• Install the credential helper script in a directory within your %PATH%:

   cd c:\a\fodler\in\your\path
   curl -o c:\prgs\bin\git-credential-netrc https://raw.githubusercontent.com/git/git/master/contrib/credential/netrc/git-credential-netrc.perl
  

(Beware: the script is renamed in Git 2.25.x/2.26, see below)

(Yes, this is a Bash script, but it will work on Windows since it will be called by Git.)

• Make a _netrc file in clear text

   machine a_server.corp.com
   login a_login
   password a_password
   protocol https
   machine a_server2.corp.com
   login a_login2
   password a_password2
   protocol https
  

(Don't forget the 'protocol' part: 'http' or 'https' depending on the URL you will use.)

• Encrypt that file:

   gpg -e -r a_recipient _netrc
  

(You now can delete the _netrc file, keeping only the _netrc.gpg encrypted one.)

• Use that encrypted file:

   git config --local credential.helper "netrc -f C:/path/to/_netrc.gpg -v"
  

(Note the '/': C:\path\to... wouldn't work at all.) (You can use at first -v -d to see what is going on.)

From now on, any Git command using an HTTP(S) URL which requires authentication will decrypt that _netrc.gpg file and use the login/password associated to the server you are contacting. The first time, GPG will ask you for the passphrase of your GPG key, to decrypt the file. The other times, the gpg-agent launched automatically by the first GPG call will provide that passphrase for you.

That way, you can memorize several URLs/logins/passwords in one file, and have it stored on your disk encrypted.
I find it more convenient than a "cache" helper", where you need to remember and type (once per session) a different password for each of your remote services, for said password to be cached in memory.

With Git 2.26 (Q1 2020), the sample credential helper for using .netrc has been updated to work out of the box. See patch/discussion.

See commit 6579d93, commit 1c78c78 (20 Dec 2019) by Denton Liu (Denton-L).
^{(Merged by Junio C Hamano -- gitster -- in commit 1fd27f8, 25 Dec 2019)}

contrib/credential/netrc: make PERL_PATH configurable

^{Signed-off-by: Denton Liu}

The shebang path for the Perl interpreter in git-credential-netrc was hardcoded.
However, some users may have it located at a different location and thus, would have had to manually edit the script.

Add a .perl prefix to the script to denote it as a template and ignore the generated version.
Augment the Makefile so that it generates git-credential-netrc from git-credential-netrc.perl, just like other Perl scripts.

The Makefile recipes were shamelessly stolen from contrib/mw-to-git/Makefile.

And:

With 2.26 (Q1 2020), Sample credential helper for using .netrc has been updated to work out of the box.

See commit 6579d93, commit 1c78c78 (20 Dec 2019) by Denton Liu (Denton-L).
^{(Merged by Junio C Hamano -- gitster -- in commit 1fd27f8, 25 Dec 2019)}

contrib/credential/netrc: work outside a repo

^{Signed-off-by: Denton Liu}

Currently, git-credential-netrc does not work outside of a git repository. It fails with the following error:

fatal: Not a git repository: . at /usr/share/perl5/Git.pm line 214.

There is no real reason why need to be within a repository, though. Credential helpers should be able to work just fine outside the repository as well.

Call the non-self version of config() so that git-credential-netrc no longer needs to be run within a repository.

Jeff King (peff) adds:

I assume you're using a gpg-encrypted netrc (if not, you should probably just use credential-store).
For "read-only" password access, I find the combination of pass with config like this is a bit nicer:

[credential "https://github.com"]
username = peff
helper = "!f() { test 1ドル = get && echo password=`pass github/oauth`; }; f"

The 2013 "fatal: Not a git repository" error message with Git.pm is... fixed with Git 2.39 (Q4 2022):

See commit 20da61f (22 Oct 2022) by Jeff King (peff).
See commit 77a1310 (16 Oct 2022) by Michael McClimon (mmcclimon).
^{(Merged by Junio C Hamano -- gitster -- in commit 330135a, 28 Oct 2022)}

Git.pm: trust rev-parse to find bare repositories

^{Signed-off-by: Jeff King}

When initializing a repository object, we run "git rev-parse --git-dir"^(man) to let the C version of Git find the correct directory.
But curiously, if this fails we don't automatically say "not a git repository".
Instead, we do our own pure-Perl check to see if we're in a bare repository.

This makes little sense, as rev-parse will report both bare and non-bare directories.
This logic comes from d5c7721 ("Git.pm: Add support for subdirectories inside of working copies", 2006年06月24日, Git v1.4.3-rc1 -- merge), but I don't see any reason given why we can't just rely on rev-parse.
Worse, because we treat any non-error response from rev-parse as a non-bare repository, we'll erroneously set the object's WorkingCopy, even in a bare repository.

But it gets worse.
Since 8959555 (setup_git_directory(): add an owner check for the top-level directory, 2022年03月02日, Git v2.36.0-rc2 -- merge) (setup_git_directory(): add an owner check for the top-level directory, 2022年03月02日), it's actively wrong (and dangerous).
The Perl code doesn't implement the same ownership checks.
And worse, after "finding" the bare repository, it sets GIT_DIR in the environment, which tells any subsequent Git commands that we've confirmed the directory is OK, and to trust us.
I.e., it re-opens the vulnerability plugged by 8959555 when using Git.pm's repository discovery code.

We can fix this by just relying on rev-parse to tell us when we're not in a repository, which fixes the vulnerability.
Furthermore, we'll ask its --is-bare-repository function to tell us if we're bare or not, and rely on that.

In Git 2.39, Git.pm stopped working in a bare repository, which has been corrected with Git 2.47 (Q4 2024), batch 19.

See commit d3edb0b, commit e4b353d (12 Sep 2024) by Jeff King (peff).
^{(Merged by Junio C Hamano -- gitster -- in commit 83c1cc9, 20 Sep 2024)}

Git.pm: use "rev-parse --absolute-git-dir" rather than perl code

^{Signed-off-by: Jeff King}

When we open a repository with the "Directory" option, we use "rev-parse --git-dir" to get the path relative to that directory, and then use Cwd::abs_path() to make it absolute (since our process working directory may not be the same).

These days we can just ask for "--absolute-git-dir" instead, which saves us a little code.
That option was added in Git v2.13.0 via a2f5a87 ("rev-parse: add '--absolute-git-dir' option", 2017年02月03日, Git v2.13.0-rc0 -- merge listed in batch #1).
I don't think we make any promises about running mismatched versions of Git and Git.pm, but even if somebody tries it, that's sufficiently old that it should be OK.

• 1
  trying the same thing on linux .. git config --local credential.helper "netrc -f /home/me/.netrc.gpg -v -d" ..and i get "git : 'credential-netrc' is not a git command. see 'git --help'"

  sunny

  – sunny

  2013年12月21日 03:26:43 +00:00

  Commented Dec 21, 2013 at 3:26
• 4
  @sunny That is what the curl -o c:\prgs\bin\git-credential-netrc https://raw.github.com/git/git/master/contrib/credential/netrc/git-credential-netrc is for: you need to copy the git-credential-netrc anywhere in your path ($PATH), in order for git to be able to call 'credential-netrc'.

  VonC

  – VonC

  2013年12月22日 00:14:07 +00:00

  Commented Dec 22, 2013 at 0:14
• Well, the _netrc didn't work for me on a Windows 7 PC, but the .netrc worked for youtube-dl with the --netrc argument passed to it.

  Iulian Onofrei

  – Iulian Onofrei

  2015年04月12日 23:02:10 +00:00

  Commented Apr 12, 2015 at 23:02
• 1
  @GwynethLlewelyn Thank you. I have edited the answer accordingly. Don't hesitate to edit it yourself if you see any other obsolete information.

  VonC

  – VonC

  2020年03月26日 05:06:51 +00:00

  Commented Mar 26, 2020 at 5:06
• 2
  Can you add how to do it on linux? Beacuse it not clear at all what you are doing here.

  aldokkani

  – aldokkani

  2020年09月30日 16:43:59 +00:00

  Commented Sep 30, 2020 at 16:43

Use a credential store.

For Git 2.11+ on OS X and Linux, use Git's built in credential store:

git config --global credential.helper libsecret

For msysgit 1.7.9+ on Windows:

git config --global credential.helper wincred

For Git 1.7.9+ on OS X use:

git config --global credential.helper osxkeychain

• 3
  I'm sure that this is the way to go, but I get an error sadly: git: 'credential-gnome-keyring' is not a git command. See 'git --help'.

  codepleb

  – codepleb

  2017年02月12日 10:43:25 +00:00

  Commented Feb 12, 2017 at 10:43
• 1
  @TrudleR I updated my answer to recomend upgrading git to 2.11 and then using git config --global credential.helper libsecret it appears that gnome-keyring is deprecated stackoverflow.com/questions/13385690/…

  roo2

  – roo2

  2017年02月13日 12:13:24 +00:00

  Commented Feb 13, 2017 at 12:13
• 1
  Thanks, but I get the same error somehow. Am I doing something wrong? I type the command and nothing happens. As soon as I push, I'm asked for the credentials, which I successfully insert, but I get the error, that it is not a git command after doing that.

  codepleb

  – codepleb

  2017年02月14日 21:56:53 +00:00

  Commented Feb 14, 2017 at 21:56
• 3
  Before libsecret will work on Linux, you need to do these steps: stackoverflow.com/a/40312117/775800

  Lavamantis

  – Lavamantis

  2017年05月02日 21:52:27 +00:00

  Commented May 2, 2017 at 21:52
• 3
  Security Issue: the Windows credential manager makes your plaintext password accessible to anybody logged in to your Windows account. All they need to do is send a request to the credential manager such as printf "protocol=https\nhost=git.mycompany.com\n" | git credential-manager get (more details here). You should always use a personal access token with this, and of course use 2FA on your GitHub account.

  cjs

  – cjs

  2018年02月20日 22:58:26 +00:00

  Commented Feb 20, 2018 at 22:58

There's an easy, old-fashioned way to store user credentials in an HTTPS URL:

https://user:[email protected]/...

You can change the URL with git remote set-url <remote-repo> <URL>

The obvious downside to that approach is that you have to store the password in plain text. You can still just enter the user name (https://[email protected]/...) which will at least save you half the hassle.

You might prefer to switch to SSH or to use the GitHub client software.

• 2
  The username/password might need to be encoded, see stackoverflow.com/a/34611311/3906760

  MrTux

  – MrTux

  2016年01月05日 12:26:30 +00:00

  Commented Jan 5, 2016 at 12:26

You can just use

git config credential.helper store

When you enter password next time with pull or push, it will be stored in file .git-credentials as plain text (a bit unsecure, but just put it into a protected folder).

And that's it, as stated on this page:

git-credential-store

• 3
  For Git for Windows 2.7.3 (March 2016): github.com/git-for-windows/git/releases?after=v2.8.4.windows.1, that would be git config credential.helper manager instead

  VonC

  – VonC

  2016年09月21日 14:46:36 +00:00

  Commented Sep 21, 2016 at 14:46

On a GNU/Linux setup, a ~/.netrc works quite well too:

$ cat ~/.netrc
machine github.com login lot105 password howsyafather

It might depend on which network libraries Git is using for HTTPS transport.

• 4
  Make sure to also chmod 0600 ~/.netrc.

  poolie

  – poolie

  2013年05月31日 03:58:28 +00:00

  Commented May 31, 2013 at 3:58
• Just want to leave a link here to the Ubuntu netrc manpage. I needed to create it for another user (/home/git/.netrc) then change ownership to that user.

  serendipity07

  – serendipity07

  2015年01月14日 07:28:25 +00:00

  Commented Jan 14, 2015 at 7:28
• How is dad going these days, anyway?

  NeilG

  – NeilG

  2024年02月28日 09:42:39 +00:00

  Commented Feb 28, 2024 at 9:42

It wasn't immediately obvious to me that I needed to download the helper first! I found the credential.helper download at Atlassian's Permanently authenticating with Git repositories.

Quote:

Follow these steps if you want to use Git with credential caching on OS X:

Download the binary git-credential-osxkeychain.

Run the command below to ensure the binary is executable:

chmod a+x git-credential-osxkeychain

Put it in the directory /usr/local/bin.

Run the command below:

git config --global credential.helper osxkeychain

Simply include the login credentials as part of the URL:

git remote rm origin
git remote add origin https://username:[email protected]/path/to/repo.git

Note: I do not recommend this method, but if you are in rush and nothing else works, you can use this method.

• 12
  it will work you have to escape @ with %40 in your email id

  Tarun Gupta

  – Tarun Gupta

  2016年04月18日 07:33:12 +00:00

  Commented Apr 18, 2016 at 7:33
• What if we have a '+' in the email id ? I tried the same escape but the push said 'repo not found'

  killjoy

  – killjoy

  2016年08月02日 12:22:07 +00:00

  Commented Aug 2, 2016 at 12:22
• 4
  have %2B instead of +

  Tarun Gupta

  – Tarun Gupta

  2016年08月03日 11:31:45 +00:00

  Commented Aug 3, 2016 at 11:31
• Storing password in plaintext and easily accessible one may not be the optimal solution.

  reducing activity

  – reducing activity

  2018年11月28日 11:04:27 +00:00

  Commented Nov 28, 2018 at 11:04

You can use the Git Credential Manager (GCM) plugin. It is currently maintained by GitHub. The nice thing is that it saves the password in the Windows Credential Store, not as plain text.

There is an installer on the releases page of the project. This will also install the official version of Git for Windows with the credential manager built-in. It allows two-factor authentication for GitHub (and other servers). And has a graphical interface for initially logging in.

For Cygwin users (or users already using the official Git for Windows), you might prefer the manual install. Download the zip package from the releases page. Extract the package, and then run the install.cmd file. This will install to your ~/bin folder. (Be sure your ~/bin directory is in your PATH.) You then configure it using this command:

git config --global credential.helper manager

Git will then run the git-credential-manager.exe when authenticating to any server.

• 3
  Anybody logged into your account does have easy access to the plaintext of the password. All they need to do is send a request to the credential manager such as printf "protocol=https\nhost=git.mycompany.com\n" | git credential-manager get (more details here). You should always use a personal access token with this, and of course use 2FA on your GitHub account.

  cjs

  – cjs

  2018年02月20日 22:59:39 +00:00

  Commented Feb 20, 2018 at 22:59

If you don't want to store your password in plaintext like Mark said, you can use a different GitHub URL for fetching than you do for pushing. In your configuration file, under [remote "origin"]:

url = git://github.com/you/projectName.git
pushurl = [email protected]:you/projectName.git

It will still ask for a password when you push, but not when you fetch, at least for open source projects.

OAuth

You can create your own personal API token (OAuth) and use it the same way as you would use your normal credentials (at: /settings/tokens). For example:

git remote add fork https://[email protected]/foo/bar
git push fork

.netrc

Another method is to configure your user/password in ~/.netrc (_netrc on Windows), e.g.

machine github.com
login USERNAME
password PASSWORD

For HTTPS, add the extra line:

protocol https

A credential helper

To cache your GitHub password in Git when using HTTPS, you can use a credential helper to tell Git to remember your GitHub username and password every time it talks to GitHub.

• Mac: git config --global credential.helper osxkeychain (osxkeychain helper is required),
• Windows: git config --global credential.helper wincred
• Linux and other: git config --global credential.helper cache

Related:

• How to store your GitHub https password on Linux in a terminal keychain?
• How do I ensure Git doesn't ask me for my GitHub username and password?
• Configure Git clients, like GitHub for Windows, to not ask for authentication
• Pushing a local repo to a GitHub repo which has dual-factor authentication

You can use credential helpers.

git config --global credential.helper 'cache --timeout=x'

where x is the number of seconds.

• 9
  It is number of seconds ... Some genius updated it as milliseconds and everyone approved it without checking. Please don't mislead people if you don't know the answer. Thanks!

  Charan

  – Charan

  2014年09月09日 15:59:43 +00:00

  Commented Sep 9, 2014 at 15:59
• Can you give a link to a place where store, cache and other common things are listed and explained?

  Notinlist

  – Notinlist

  2014年11月20日 10:10:49 +00:00

  Commented Nov 20, 2014 at 10:10
• 5
  Care to mention the fact that this does jack shit unless you call another specific command to use the 'cache' as the manager first? This stuff is so cryptic, all of these answers are incomplete, and none of them work. Incredibly frustrating. See this instead: stackoverflow.com/a/24800870/88409

  Triynko

  – Triynko

  2017年11月21日 19:45:26 +00:00

  Commented Nov 21, 2017 at 19:45

After you clone repository repo, you can edit repo/.git/config and add some configuration like below:

[user]
 name = you_name
 password = you_password
[credential]
 helper = store

Then you won't be asked for username and password again.

• Works for me with helper = manager (but I'm asked for username+repo for the first push).

  Stéphane Laurent

  – Stéphane Laurent

  2017年01月22日 20:08:47 +00:00

  Commented Jan 22, 2017 at 20:08
• with helper=manager I am getting error credential-manager is not a git command

  PapaDiHatti

  – PapaDiHatti

  2017年05月01日 10:27:11 +00:00

  Commented May 1, 2017 at 10:27
• 1
  Unfortunately git ignores the password in the config file. .git_credentials with credential.store is the only option.

  Avamander

  – Avamander

  2018年04月04日 20:31:57 +00:00

  Commented Apr 4, 2018 at 20:31

I know this is not a secure solution, but sometimes you need just a simple solution - without installing anything else. And since helper = store did not work for me, I created a dummy helper:

Create a script and put it in your users bin folder, here named credfake, this script will provide your username and your password:

#!/bin/bash
while read line
do
 echo "$line"
done < "/dev/stdin"
echo username=mahuser
echo password=MahSecret12345

make it executable:

chmod u+x /home/mahuser/bin/credfake

then configure it in git:

git config --global credential.helper /home/mahuser/bin/credfake

(or use it without --global for the one repo only)

and - voilá - git will use this user + password.

• I agree. Simple (if unsecure) solution indeed. +1, as long as you know what you are doing.

  VonC

  – VonC

  2017年05月27日 16:56:40 +00:00

  Commented May 27, 2017 at 16:56

An authentication token should be used instead of the account password. Go to GitHub settings/applications and then create a personal access token. The token can be used the same way a password is used.

The token is intended to allow users not use the account password for project work. Only use the password when doing administration work, like creating new tokens or revoke old tokens.

Instead of a token or password that grants a user whole access to a GitHub account, a project specific deployment key can be used to grant access to a single project repository. A Git project can be configured to use this different key in the following steps when you still can access other Git accounts or projects with your normal credential:

1. Write an SSH configuration file that contains the Host, IdentityFile for the deployment key, maybe the UserKnownHostsFile, and maybe the User (though I think you don't need it).
2. Write an SSH wrapper shell script that virtually is ssh -F /path/to/your/config $*
3. Prepend GIT_SSH=/path/to/your/wrapper in front of your normal Git command. Here the git remote (origin) must use the [email protected]:user/project.git format.

It is better to use credentials for security, but you can keep it for some time using the cache:

git config --global credential.helper cache
git config credential.helper 'cache --timeout=3600'

Your credentials will be saved for 3600 seconds.

• 1
  It means after 3600 seconds , we have to input password again ??? How to save them permanently ?

  Hoang

  – Hoang

  2015年08月27日 09:00:54 +00:00

  Commented Aug 27, 2015 at 9:00
• $ git config credential.helper 'cache --timeout=3600' error: could not lock config file .git/config: No such file or directory

  PlantationGator

  – PlantationGator

  2015年10月21日 17:41:17 +00:00

  Commented Oct 21, 2015 at 17:41
• This worked: git config --global credential.helper 'cache --timeout=3600'

  PlantationGator

  – PlantationGator

  2015年10月21日 17:43:36 +00:00

  Commented Oct 21, 2015 at 17:43
• Will this work inside a Docker container (based on windowsservercore)?

  Peter Mortensen

  – Peter Mortensen

  2018年09月30日 09:19:16 +00:00

  Commented Sep 30, 2018 at 9:19
• 1
  @NeilChowdhury that is not true. According to the official doc, by default, the password will be kept for 15 min. Do not spread ungrounded words like this!

  jdhao

  – jdhao

  2020年09月25日 13:16:14 +00:00

  Commented Sep 25, 2020 at 13:16

Usually you have a remote URL, something like this,

git remote -v
origin https://gitlab.com/username/Repo.git (fetch)
origin https://gitlab.com/username/Repo.git (push)

If you want to skip username and password while using git push, try this:

 git remote set-url origin https://username:[email protected]/username/Repo.git

I've just added the same URL (with user details including password) to origin.

NOTE: It doesn't work if username is an email Id.

git remote -v
origin https://username:[email protected]/username/Repo.git (fetch)
origin https://username:[email protected]/username/Repo.git (push)

Things are a little different if you're using two-factor authentication as I am. Since I didn't find a good answer elsewhere, I'll stick one here so that maybe I can find it later.

If you're using two-factor authentication, then specifying username/password won't even work - you get access denied. But you can use an application access token and use Git's credential helper to cache that for you. Here are the pertinent links:

• Setting up the command-line to work with 2-factor auth (search for section titled "How does it work for command-line Git?")
• Credential caching

And I don't remember where I saw this, but when you're asked for your username - that's where you stick the application access token. Then leave the password blank. It worked on my Mac.

• when using 2 way authentication, you use the "access token" as the password. the username stays the same as always

  Ben Yitzhaki

  – Ben Yitzhaki

  2019年02月19日 10:17:10 +00:00

  Commented Feb 19, 2019 at 10:17

You also edit the bashrc file and add a script in it.

This would ask for your password once when you start Git and then remembers it until you log off.

SSH_ENV=$HOME/.ssh/environment
 
# Start the ssh-agent
function start_agent {
  echo "Initializing new SSH agent..."
  # Spawn ssh-agent
  /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
  echo succeeded
  chmod 600 "${SSH_ENV}"
  . "${SSH_ENV}" > /dev/null
  /usr/bin/ssh-add
}
 
if [ -f "${SSH_ENV}" ]; then
   . "${SSH_ENV}" > /dev/null
  ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
   start_agent;
 }
else
  start_agent;
fi

As of 2021, there is a secure user-friendly cross-platform solution for HTTPS remotes. No more typing passwords! No more SSH keys! No more personal access tokens!

Install Git Credential Manager developed by GitHub (downloads). It supports passwordless OAuth authentication to GitHub, BitBucket, Azure and GitLab. This means you can enable two-factor authentication on GitHub and the other platforms, greatly improving the security of your accounts.

When you push, you are offered a choice of authentication methods:

> git push
Select an authentication method for 'https://github.com/':
 1. Web browser (default)
 2. Device code
 3. Personal access token
option (enter for default): 1
info: please complete authentication in your browser...

On Linux, a tiny bit of setup is required. The following caches credentials in memory for 20 hours, so you have to authenticate at most once per day.

git-credential-manager-core configure
git config --global credential.credentialStore cache
git config --global credential.cacheoptions=--timeout 72000

Power users familiar with gnome-keyring or KWallet may prefer to change the credential store to libsecret.

Cosmetic configuration: Since I always choose 'web browser' at the prompt above, I set a gitHubAuthModes preference to skip the choice. Recent versions of GCM include a GUI that adds an extra click to the authtentication flow, I disable that.

git config --global credential.gitHubAuthModes browser
git config --global credential.guiPrompt false

This works for me I'm using Windows 10

git config --global credential.helper wincred

I got my answer from gitcredentials(7) Manual Page . For my case, I don't have credential-cache in my Windows installation; I use credential-store.

After I use credential-store, the username/password are stored in [user folder]/.git-credentials file. To remove the username/password, just delete the content of the file.

• 2
  When you don't have credential-cache in your windows, I would suggest to use git config --global credential.helper wincred this store the password permanently.

  eQ19

  – eQ19

  2016年04月03日 09:45:37 +00:00

  Commented Apr 3, 2016 at 9:45

Two-factor authentication has changed how users authenticate to websites, but Git still assumes users can type a password from memory.

Introducing git-credential-oauth: a Git credential helper that securely authenticates to GitHub, GitLab, BitBucket and other forges using OAuth.

No more passwords! No more personal access tokens! No more SSH keys!

The first time you push, the helper will open a browser window to authenticate. Subsequent pushes within the cache timeout require no interaction.

Install from https://github.com/hickford/git-credential-oauth/releases/

Configure with:

git config --global --unset-all credential.helper
git config --global --add credential.helper "cache --timeout 7200" # two hours
git config --global --add credential.helper oauth

The composer documentation mentions that you can prevent it from using the GitHub API, so that it acts like git clone:

If you set the no-api key to true on a GitHub repository it will clone the repository as it would with any other Git repository instead of using the GitHub API. But unlike using the git driver directly, composer will still attempt to use GitHub's zip files.

So the section would look like this:

"repositories": [
 {
 "type": "vcs",
 "no-api": true,
 "url": "https://github.com/your/repo"
 }
],

Keep in mind that the API is there for a reason. So it this should be a method of last resort regarding the increased load on github.com.

• Not certain what this answer has to do with the original question.

  Charles Oppermann

  – Charles Oppermann

  2015年07月10日 16:05:51 +00:00

  Commented Jul 10, 2015 at 16:05

Caching credentials locally using Git Credential Manager (GCM) on Ubuntu, tested on Ubuntu 20.04 and 18.04, but should work on other Linux distros.

1. Set up git credential manager:

curl -LO https://raw.githubusercontent.com/GitCredentialManager/git-credential-manager/main/src/linux/Packaging.Linux/install-from-source.sh
sh ./install-from-source.sh
git-credential-manager-core configure
git config --global credential.credentialStore cache
git config --global credential.cacheoptions "--timeout 72000"
sudo rm -rf git-credential-manager/
sudo rm install-from-source.sh

2. Go to a repo and run git fetch
3. Select Device code
4. Visit the link and enter the code provided in the output

I also had that problem on MacOS, and the following command worked for me:

rm -rf ~/.git-credentials 

That is a forced method to really remove all git credentials. And next time I used the push command, voilà: I am prompted for a username and password (or token).

Under linux and compatible systems, you may use

~/.git-credentials

If you are using osxkeychain and had a token expire and want to update it, follow these steps:

Run in terminal, then press enter twice.

git credential-osxkeychain erase
 host=github.com
 protocol=https

Now you should be prompted for a username/password. However sometimes it seems this does not 'take' and you have to keep re-entering.

If so, restart your computer. Now the next time you run a git command and enter your username/password, it will be saved.

• git
• github
• git-push
• git-config