35

I use the Git on my workplace and company policy doesn't allow me to store passwords in unsecure way. Is there any better option than using git config credential.helper store for storing password to the Git server?

P.S. Can't use key-authentication as it's not allowed on our server.

asked Jan 23, 2015 at 6:58
4
  • 1
    It's better security to avoid passwords altogether. If you can, use ssh and ssh keys to access the repository. Commented Jan 23, 2015 at 7:49
  • Agree, I use it for GitHub, but unfortunatelly our server uses https only. I can't change it as it corporate policy(?). Commented Jan 23, 2015 at 7:50
  • I hope you mean https. Commented Jan 23, 2015 at 7:50
  • The question mark tells me you don't know if it's policy. Many times these things aren't. Even if it is, policies can be changed. Up to you to decide if it's worth making the suggestion. Commented Jan 23, 2015 at 7:53

1 Answer 1

76

git config credential.helper store is not very secure; as it said in documentation:

Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions

The ~/.git-credentials file will have its filesystem permissions set to prevent other users on the system from reading it, but will not be encrypted or otherwise protected.

So it stores your password as is. Git allows to use your keychain git config --global credential.helper osxkeychain for OSX, so it seems to be more secure. For Linux system you may use git config credential.helper cache, which stores passwords in your memory. Or you can write your own as it said in git help credentials:

You can write your own custom helpers to interface with any system in which you keep credentials. See the documentation for Git's credentials API for details

Besides, @VonC pointed to the cross-platform GPG-based solution. See also this question about .netrc file.

There is also gnome-keyring helper for Linux (thanks to @jazakmeister for advice)

answered Jan 23, 2015 at 6:58
Sign up to request clarification or add additional context in comments.

Use the netrc gpg-encrypted credential helper: stackoverflow.com/a/18362082/6309. Works on any platform, Windows, OsX, Linux.
There is also a gnome-keyring helper too.
How do I store the password with encryption in windows ?
@testerjoe just look at comments above
I ran git config credential.helper cache in my terminal in Ubuntu, then git pull ask for credentials. Ran git pull once again, credentials were not asked. It works.

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.