Scaler
Academy
Data Science
Neovarsity
New
Skill Test
Free Masterclass
Search for Articles, Topics
Git Tutorial
Git Save Credentials

Git Save Credentials

By Niyati Thakkar
7 mins read
Last updated: 2 Mar 2023
169 views
Learn via video courses
Topics Covered

Overview

Every time we connect with the remote Git repository, to authenticate we are required to enter the username and password. It can be overhead and to resolve it we can configure git to save credentials in Git by using a remote URL or the Git credential helper. Credential helpers are safer than remote URL as it requires user access permissions.

Introduction

Git is an open-source and free version control system used when the project is to be built by a team of individuals. To verify these individuals and for security purposes, credentials are used. Whenever we try to connect, update, or commit changes on the remote server, we are required to enter credentials. It becomes tedious to enter the username and password again and again.

Git provides another method to save credentials in Git inside the .git folder of the repository. It will further not require the user to enter details repeatedly. Git will automatically fetch from there. We will be using remote URLs and helper texts to store the details of the user.

Inputting Credentials

Git has several ways to authenticate the credentials whenever a user tries to remotely connect. Let us see the steps taken by Git to authenticate.

Let us assume that no credentials are entered by the user. Git will first invoke instructions to allow the user to input a username and password.

The values given below are checked, if any of the credentials are set then the application is invoked. The user is then allowed to enter credentials and input is then read from the standard output.

  • GIT_ASKPASS environment variable
  • core.askPass configuration variable
  • SSH_ASKPASS environment variable

Note: If none of the above-given variables are set, then Git reverts to urge the user to enter credentials on the command prompt.

How do I Save My Git Credentials?

Enter passwords and usernames, again and again, can be error-prone, tiresome, and difficult. To avoid typing credentials manually each time we can instead store these using various methods.

Let us look at two ways to save username and password in Git.

Usernames and Passwords Inside URLs

We can embed a username and password in the repository's URL itself at the time of the cloning process of the repository.

Syntax:

Example:

Usernames and Passwords Inside URLs

On the other hand, the git config file can also be edited to save credentials in Git i.e. the password and username. This file is present inside the repository.

Syntax:

It is to be noted that the username, as well as the password, are stored as plain text in the file. Thus, anyone can have the access to it.

Credential Contexts

Another method to save credentials in Git is using the credential contexts. The command given below can be used to configure the git context with a specific user's credentials.

Syntax:

Example:

Credential Contexts

We can also edit the global file git config, present in the .gitconfig folder of the repository.

Syntax:

Note: Both the methods discussed above are not safe as the username and password are saved as text inside the repository.

Where are My Git Credentials Stored?

Git credentials stored using the URL or credential context are stored in files present in the .git folder of the repository.

As the credentials are set using credential context, then they are saved inside the .git-credentials file or the .config/git/credentials file.

Git reads these files for authentication details. Git writes one of the files to store the credentials. Also, it checks for the credentials in these files first before invoking the user application.

Credential Helpers

As we know the above two methods are not very reliable to save credentials in Git and thus, we require a more secure method to store details. Credential helpers in Git can be used to save data in multiple ways securely and it also integrates it with the 3rd party systems.

Cache Credential Helper

To configure the credential helper use the syntax given below.

Syntax:

The Git cache credential helper doesn't save the username and password inside the disk, it rather saves it inside the sockets. These UNIX sockets are accessible only with the help of file permissions which limit the access to the user who stored the files. It is more secure than the other methods discussed above.

Store Credential Helper

Alternatively, we can also use the credential helper store option to save the username and password in a file. This file is not encrypted but it has access controls with the user who created the file.

Syntax:

Custom Credential Helpers

Apart from the above two commonly used methods, we can also configure custom helpers to save credentials in Git. These are not very often used by users.

These are helpful because they integrate with the OS tools like Keychain (macOS), incorporate default authentication schemes, and additionally provide security mechanisms.

SSH Keys

SSH stands for Secure Shell Protocol is a better way to authenticate as compared to username and password. Modern Git servers facilitate users to access Git repositories using SSH keys over HTTPS.

These are harder to guess than a password and can be changed easily in case the key is shared with an unauthorized group. The main disadvantage of using SSH keys is these are blocked by some of the proxies or networks. And thus, it makes communication with the remote repository impossible.

Also, the SSH key is to be established on the client and the server side which can be overhead in large organizations.

Let us see how we can enable SSH for a git repository, we will use SSH protocol while cloning the repository. Syntax:

To configure SSH keys, the general process is,

  • Generate a random compatible public or private key combination.
  • Update this key to the git server.

The actual process may vary for different servers but these steps are necessary for all servers.

We are never supposed to share our private keys with anyone. Linux/Unix users may already have an SSH key pair configured in their respective home directories.

Config Username and Password for Different Repositories

If an individual is working for multiple organizations or a device is used by different individuals, different accounts for respective repositories are required. For such situations, we can configure different usernames and passwords for different Git repositories on the same Git server.

By default, Git uses the same credentials for all the repositories i.e. https://example.com/blee.git and https://example.com/dtee.git have the same credentials. If we want to use different credentials for different URLs, we are required to enable the useHttpPath option.

The command given below will configure Git credentials for different repositories on the same Git server.

Syntax:

We are storing usernames and passwords in a file named credentials. This file is stored in the .git folder which is hidden and stores all the version information of the project.

To store the credentials for a particular repository use the command.

Syntax:

Conclusion

  • It is a tedious process to enter a username and password each time we try to connect to the remote repository. To avoid entering the credentials again and again we can configure to save credentials in Git when entered initially.
  • Two ways to save the credentials are using remote URLs and Credentials contexts.
  • These two ways are not secure as they store the credentials as it is in the text file.
  • To securely store, we can use the credential helpers. It doesn't encrypt the data but it restricts the access of the file to only the user that created the file.
  • Another better way is using SSH keys instead of a username and password. The disadvantage of using SSH keys is, these are blocked by some of the networks making it impossible to reach the server.
  • We can also configure Git to store different credentials for different repositories.