How can I save username and password in Git?
Attention: This method saves the credentials in plaintext on your PC's disk. Everyone on your computer can access it, e.g. malicious NPM modules.
Run
git config --global credential.helper store
then
git pull
provide a username and password and those details will then be remembered later. The credentials are stored in a file on the disk, with the disk permissions of "just user readable/writable" but still in plaintext.
If you want to change the password later
git pull
Will fail, because the password is incorrect, git then removes the offending user+password from the ~/.git-credentials
file, so now re-run
git pull
to provide a new password so it works as earlier.
Is there a way to cache https credentials for pushing commits?
Since Git 1.7.9 (released 2012), there is a neat mechanism in Git to avoid having to type your password all the time for HTTP / HTTPS, called credential helpers.
You can just use one of the following credential helpers:
git config --global credential.helper cache
The credential.helper cache value tells Git to keep your password cached in memory for a particular amount of minutes. The default is 15 minutes, you can set a longer timeout with:
# Cache for 1 hour
git config --global credential.helper "cache --timeout=3600"
# Cache for 1 day
git config --global credential.helper "cache --timeout=86400"
# Cache for 1 week
git config --global credential.helper "cache --timeout=604800"
You can also store your credentials permanently if so desired, see the other answers below.
GitHub's help also suggests that if you're on Mac OS X and used Homebrew to install Git, you can use the native Mac OS X keystore with:
git config --global credential.helper osxkeychain
For Windows, there is a helper called Git Credential Manager for Windows or wincred in msysgit.
git config --global credential.helper wincred # obsolete
With Git for Windows 2.7.3+ (March 2016):
git config --global credential.helper manager
For Linux, you would use (in 2011) gnome-keyring
(or other keyring implementation such as KWallet).
Nowadays (2020), that would be (on Linux)
Fedora
sudo dnf install git-credential-libsecret
git config --global credential.helper /usr/libexec/git-core/git-credential-libsecret
Ubuntu
sudo apt-get install libsecret-1-0 libsecret-1-dev
cd /usr/share/doc/git/contrib/credential/libsecret
sudo make
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret
Where to store my Git personal access token?
Half the point of passwords is that (ideally) you memorize them and the system hashes them, so therefore they're never stored anywhere in plain text.
Yet GitHub's personal access token system seems to basically force you to store the token in plain text?
First, a PAT (Personal Access Token) is not a simple password, but an equivalent that:
- you can generate multiple time (for instance, one per machine from which you need to access GitHub repository)
- you can revoke at any time (from the GitHub web interface), which makes that PAT obsolete, even if it lingers around on one of those machines.
That differs from your password, which is unique to your account, and cannot be easily changed without having to also modify it everywhere you happen to use it.
Since a PAT can be used in place of a password when performing Git operations over HTTPS with Git on the command line or the API, you can use a git credential helper to cache it securely.
On Windows, for instance, that would use the Windows Credential Manager, through the GCM -- Git Credential Manager -- for Windows, Mac or Linux:
git config --global credential.helper manager-core
The first time you are pushing to a repo, a popup will ask for your credentials: username and your PAT.
The next time, it won't ask, and reuse directly that PAT, which remains stored securely in your Credential Manager.
A similar idea applies for Mac with the OSX keychain, and Linux with the GNOME Keyring (in 2021, it would need a DBus session and libsecret
), but in 2021, GCM-Core covers those use cases.
The idea remains: store the PAT in an encrypted credentials store.
As mentioned above, the more modern solution (Q4 2020) is Microsoft Git-Credential-Manager-Core
git config --global credential.helper manager-core
You need for that to install git-credential-manager-core
, downloading its latest release, like gcmcore-linux_amd64.2.0.474.41365.deb
sudo dpkg -i <path-to-package>
git-credential-manager-core configure
Although, with GCM (Git-Credential-Manager-Core) on Linux, as noted by Mekky Mayata in the comments, you need to define a git config --global credential.credentialStore
first.
See "Credential stores on Linux":
There are four options for storing credentials that Git Credential Manager (GCM) manages on Linux platforms:
- freedesktop.org Secret Service API
- GPG/
pass
compatible files- Git's built-in credential cache
- Plaintext files
By default, GCM comes not configured.
You can select which credential store to use by setting theGCM_CREDENTIAL_STORE
environment variable, or thecredential.credentialStore
Git configuration setting.
As noted by agent18 in the comments, using git-credential-libsecret
after installing libsecret-1-0
and libsecret-1-dev
is a good first step.
But, again, that should be now wrapped by credential-manager-core
.
Authentication to GitHub using personal access token on macOS?
Step 1
Copy this into your terminal to unset any existing GitHub login credentials:
git config --global --unset credential.helper
git credential-osxkeychain erase
host=github.com
protocol=https
Step 2
Open a new terminal window, and set the name and email for commits:
git config --global user.name "Your Name"
git config --global user.email you@example.com
Step 3
Run a git push
or git clone
a private repository so GitHub prompts you to enter your username and password.
For the username, simply enter your email.
For the password paste in your token (i.e. copy the token from GitHub website where you created it and paste it in).
Note: to generate a new access token, go to GitHub, click on your profile pic on the top right -> Settings -> Developer Settings -> Personal Access Tokens -> Tokens (classic) and create a new one (95% of the time you'll just want full 'repos' permissions and nothing more, unless you do some fancier things via the command line).
How do I update the password for Git?
To fix this on macOS, you can use
git config --global credential.helper osxkeychain
A username and password prompt will appear with your next Git action (pull, clone, push, etc.).
For Windows, it's the same command with a different argument:
git config --global credential.helper wincred
Git keeps prompting me for a password
I think you may have the wrong Git repository URL.
Open .git/config
and find the [remote "origin"] section. Make sure you're using the SSH one:
ssh://git@github.com/username/repo.git
You can see the SSH URL in the main page of your repository if you click Clone or download and choose ssh.
And NOT the https
or git
one:
https://github.com/username/repo.git
git://github.com/username/repo.git
You can now validate with just the SSH key instead of the username and password.
If Git complains that 'origin' has already been added
, open the .config
file and edit the url = "..."
part after [remote origin]
as url = ssh://github/username/repo.git
The same goes for other services. Make sure the address looks like: protocol://something@url
E.g. .git/config
for Azure DevOps:
[remote "origin"]
url = https://mystore@dev.azure.com/mystore/myproject/
fetch = +refs/heads/*:refs/remotes/origin/*
How do you reset the stored credentials in 'git credential-osxkeychain'?
The solution turned out to be this:
The command git credential-osxkeychain
was using the first GitHub account entry in my keychain. This one was not the one that had access to the projects in question.
I resolved the problem by touching the account in Keychain Access so that its date changed (I think I just changed the comment) and now that it became the most recent GitHub account it became the first one returned to credential-osxkeychain, and thus everything worked.
A better form of support for multiple GitHub accounts would be nice, but it is likely that most people only have one primary account and don't run into this problem.
SSH Key - Still asking for password and passphrase
If you work with HTTPs
urls, it'll always ask for your username / password. This could be solved using @Manavalan Gajapathy's comment (copying here):
See this github doc to convert remote's URL from https to ssh. To check if remote's URL is ssh or https, use git remote -v
. To switch from https to ssh:
git remote set-url origin git@github.com:USERNAME/REPOSITORY.git
If you're correctly using SSH
when cloning / setting remotes: make sure you have a ssh-agent to remember your password (see this answer by @Komu). That way, you'll only enter your passphrase once by terminal session.
If it is still too annoying, then simply set a ssh-key without passphrase.
Related Topics
Xargs and Find, Rm Complaining About \N (Newline) in Filename
How to Convince Z/Os Scp to Transfer Binary Files
Interprocess Communication via Pipes
How to Capture Remote System Network Traffic
Change The Default Find-Grep Command in Emacs
What Do Getresuid() and Setresuid() Do
X86 Assembly, Little Endianness Not Being Followed(Or Is It) (Linux)
Posix_Fadvise(Willneed) Makes Io Slower
Svn Checkout Fails with "Chunk Delimiter Was Invalid" - What Can Be Done
Docker with '-User' Can Not Write to Volume with Different Ownership
Where Is Default Installation Directory for Mongodb
Bash Script to Create Symbolic Links to Shared Libraries
Increase Mongodb Maximum Number of Connections
Sending from The Same Udp Socket in Multiple Threads
How to Set a Global Curl Rate(Speed) Limit