How to store multiple PATs/passwords for use by git?
Any credential helper should follow the same process.
But if you have multiple account/password for the same domain (say github.com for instance), then you need to change your remote URL
cd /path/to/my/local/repo1
git remote set-url origin https://user1@github.com/user1/myRepo1
^^^^^^
cd /path/to/my/local/repo2
git remote set-url origin https://user2@github.com/user1/myRepo2
^^^^^^
That way, the credential helper will differentiate your different account.
Since gcm core is a bit fineky to install, test it first with the classic libsecret-based helper.
How can I save username and password in Git?
Attention: This method saves the credentials in plaintext on your PC's disk. Everyone on your computer can access it, e.g. malicious NPM modules.
Run
git config --global credential.helper store
then
git pull
provide a username and password and those details will then be remembered later. The credentials are stored in a file on the disk, with the disk permissions of "just user readable/writable" but still in plaintext.
If you want to change the password later
git pull
Will fail, because the password is incorrect, git then removes the offending user+password from the ~/.git-credentials
file, so now re-run
git pull
to provide a new password so it works as earlier.
Using multiple git personal access tokens (PAT) with Credential Manager
There are a couple different approaches you can take here. One is to create a single token with the gist
and repo
scopes and use that generally. That token does have access to all your repositories, but if you're using a credential helper, then it's stored in an encrypted way and it shouldn't be too risky.
Since you're actually using two different domains here (github.com
and gist.github.com
), you can use separate tokens without a problem. Tokens are stored scoped on the domain, so there's no conflict here. Just use each credential on its respective domain.
If you want to use different tokens for different repositories, you can do that by setting credential.usehttppath
to true
. That can also be scoped to a particular URL pattern (including wildcards) such that you it only applies to GitHub (e.g., with git config --global credential.https://github.com/.usehttppath true
). Each repository will then have its own set of credentials, and you can store as many tokens as you like. If you have a lot of repositories, this will likely become inconvenient quickly, though.
Finally, if you just want to have different tokens for public and private access, you can do this for GitHub by taking advantage of the fact that GitHub ignores the username when you use a token. You can therefore clone public repositories by putting a public@
before the hostname (e.g., https://public@github.com/git/git.git
) and then using private@
for private repositories. Git's credential helpers will store separate credentials for these fake usernames and the respective token will be used.
Where to store my Git personal access token?
Half the point of passwords is that (ideally) you memorize them and the system hashes them, so therefore they're never stored anywhere in plain text.
Yet GitHub's personal access token system seems to basically force you to store the token in plain text?
First, a PAT (Personal Access Token) is not a simple password, but an equivalent that:
- you can generate multiple time (for instance, one per machine from which you need to access GitHub repository)
- you can revoke at any time (from the GitHub web interface), which makes that PAT obsolete, even if it lingers around on one of those machines.
That differs from your password, which is unique to your account, and cannot be easily changed without having to also modify it everywhere you happen to use it.
Since a PAT can be used in place of a password when performing Git operations over HTTPS with Git on the command line or the API, you can use a git credential helper to cache it securely.
On Windows, for instance, that would use the Windows Credential Manager, through the GCM -- Git Credential Manager -- for Windows, Mac or Linux:
git config --global credential.helper manager-core
The first time you are pushing to a repo, a popup will ask for your credentials: username and your PAT.
The next time, it won't ask, and reuse directly that PAT, which remains stored securely in your Credential Manager.
A similar idea applies for Mac with the OSX keychain, and Linux with the GNOME Keyring (in 2021, it would need a DBus session and libsecret
), but in 2021, GCM-Core covers those use cases.
The idea remains: store the PAT in an encrypted credentials store.
As mentioned above, the more modern solution (Q4 2020) is Microsoft Git-Credential-Manager-Core
git config --global credential.helper manager-core
You need for that to install git-credential-manager-core
, downloading its latest release, like gcmcore-linux_amd64.2.0.474.41365.deb
sudo dpkg -i <path-to-package>
git-credential-manager-core configure
Although, with GCM (Git-Credential-Manager-Core) on Linux, as noted by Mekky Mayata in the comments, you need to define a git config --global credential.credentialStore
first.
See "Credential stores on Linux":
There are four options for storing credentials that Git Credential Manager (GCM) manages on Linux platforms:
- freedesktop.org Secret Service API
- GPG/
pass
compatible files- Git's built-in credential cache
- Plaintext files
By default, GCM comes not configured.
You can select which credential store to use by setting theGCM_CREDENTIAL_STORE
environment variable, or thecredential.credentialStore
Git configuration setting.
As noted by agent18 in the comments, using git-credential-libsecret
after installing libsecret-1-0
and libsecret-1-dev
is a good first step.
But, again, that should be now wrapped by credential-manager-core
.
Git credential helper - update password
None of these answers ended up working for my Git credential issue. Here is what did work if anyone needs it (I'm using Git 1.9 on Windows 8.1).
To update your credentials, go to Control Panel → Credential Manager → Generic Credentials. Find the credentials related to your Git account and edit them to use the updated password.
Reference: How to update your Git credentials on Windows
Note that to use the Windows Credential Manager for Git you need to configure the credential helper like so:
git config --global credential.helper wincred
If you have multiple GitHub accounts that you use for different repositories, then you should configure credentials to use the full repository path (rather than just the domain, which is the default):
git config --global credential.useHttpPath true
Multiple GitHub accounts on the same computer?
All you need to do is configure your SSH setup with multiple SSH keypairs.
This link is easy to follow (Thanks Eric):
http://code.tutsplus.com/tutorials/quick-tip-how-to-work-with-github-and-multiple-accounts--net-22574
Generating SSH keys (Win/msysgit):
https://help.github.com/articles/generating-an-ssh-key/
Relevant steps from the first link:
Generate an SSH-key:
ssh-keygen -t ed25519 -C "john@doe.example.com"
Follow the prompts and decide a name, e.g.
id_ed25519_example_company
.Copy the SSH public-key to GitHub from
~/.ssh/id_ed25519_doe_company.pub
and tell ssh about the key:ssh-add ~/.ssh/id_ed25519_doe_company
Create a
config
file in~/.ssh
with the following contents:Host github-doe-company
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519_doe_companyAdd your remote:
git remote add origin git@github-doe-company:username/repo.git
or change using:
git remote set-url origin git@github-doe-company:username/repo.git
Also, if you're working with multiple repositories using different personas, you need to make sure that your individual repositories have the user settings overridden accordingly:
Setting user name, email and GitHub token – Overriding settings for individual repos
https://help.github.com/articles/setting-your-commit-email-address-in-git/
Note:
Some of you may require different emails to be used for different repositories, from git 2.13 you can set the email on a directory basis by editing the global config file found at: ~/.gitconfig
using conditionals like so:
[user]
name = Default Name
email = defaultemail@example.com
[includeIf "gitdir:~/work/"]
path = ~/work/.gitconfig
And then your work-specific config ~/work/.gitconfig
would look like this:
[user]
name = Pavan Kataria
email = pavan.kataria@example.com
Thank you @alexg for informing me of this in the comments.
How do I provide a username and password when running git clone git@remote.git?
Based on Michael Scharf's comment:
You can leave out the password so that it won't be logged in your Bash history file:
git clone https://username@github.com/username/repository.git
It will prompt you for your password.
Alternatively, you may use:
git clone https://username:password@github.com/username/repository.git
This way worked for me from a GitHub repository.
Related Topics
Cannot Get Qwindow::Fromwinid to Work Properly
Bash Script Counting Instances of Itself Wrongly
Bash Exit Script from Inside a Function
Gradle 1.3: Build.Gradle Not Building Classes
File Listed Twice in Rpm Spec File
Why Sizeof(Spinlock_T) Is Greater Than Zero on Uni-Processor
Linux Device Driver File Operations: It Is Possible to Have Race Conditions
Linux/Glibc. How to Use Fprintf in Signal Handler
How Does/Frequent Unix Tee Command Write Stdout Terminal Output to File? If The Output Is Too Big
Sprof "Pltrel Not Found Error"
Downloading a Tarball from Github Without Curl
Trying to Install Docker Gpg Key Recieving Error: Curl: Option '-' Is Unknown
How to Configure Multiple Ssh Access to an Ec2 Instance
Ssl and Tkinter Not Present on Source Build of Python 3.5.2, Debian Linux
Split Tar.Bz2 File and Extract Each Individually