76

Currently, whenever I git pull or git push to a http(s) repository, I get the following:

$ git pull
Username for 'https://gitrepos.reposdomain.com': me@mydomain.com
Password for 'https://me@mydomain.com@gitrepos.reposdomain.com':

This is ok for infrequent use, but starts to become really annoying very quickly. Unfortunately, switching to ssh is not an option in this case.

I've read that earlier versions of git provided a credential "store" and "cache", but that this wasn't advised because it stored the password in plaintext.

BUT

Newer versions of git apparently store git credentials in the gnome-keyring, but it has to be set up correctly.

I've tried following other (non-Ubuntu) answers on SO to get this to work (namely this one), but I'm still presented with the username and password prompt.

What is the correct and safest way to store git credentials for http(s) repos and how does one make them work on Ubuntu?

Community
  • 1
tudor -Reinstate Monica-
  • 7,578

4 Answers4

120

git-credential-gnome-keyring is now deprecated.

Instead, use libsecret. If it's not already pre-installed on your machine, use the following procedure:

  1. Make sure libsecret and its development libraries are installed:

    sudo apt install libsecret-1-0 libsecret-1-dev

  2. Then build the credential helper from the sources shipped with libsecret's development libraries:

    sudo make --directory=/usr/share/doc/git/contrib/credential/libsecret

  3. Finally, register the freshly compiled binary as a Git credential helper:

    git config --global credential.helper \
   /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret

More details on https://stackoverflow.com/a/40312117/2017781

Colonel Panic
  • 79
eddygeek
  • 1,839
47

You need to setup the git credential helper with Gnome Keyring:

Install and compile the Gnome Keyring devel:

sudo apt-get install libgnome-keyring-dev
sudo make --directory=/usr/share/doc/git/contrib/credential/gnome-keyring

And setup the credential:

git config --global credential.helper /usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyring
3

This simple approach appears to be sufficient on my Ubuntu 18.04.1 with git 2.17.1:

git config --global credential.helper cache

You can specify a one hour (=3600 seconds) timeout like this:

git config --global credential.helper 'cache --timeout=3600'

Further reading in the fine manual.

Stephan Henningsen
  • 5,249
0

Try git-credential-oauth, available in Ubuntu 23.04 (lunar) and later (universe).

No more passwords! No more personal access tokens! No more SSH keys!

git-credential-oauth is a Git credential helper that securely authenticates to GitHub, GitLab, BitBucket and Gerrit using OAuth.

The first time you push, the helper will open a browser window to authenticate. Subsequent pushes within storage lifetime require no interaction.

Installation:

sudo apt-get install git-credential-oauth

Configuration:

git config --global --unset-all credential.helper
git config --global --add credential.helper "cache --timeout 7200" # two hours
git config --global --add credential.helper oauth

If you have it installed, you can also use git-credential-libsecret as a storage alternative to git-credential-cache.

Colonel Panic
  • 79