GIT credential store

Source: Internet
Author: User

Today, I asked myself a question, when we create a new warehouse on github.com or Gitlab, and clone it locally, when we first use it, we ask for the username and password, but where are the two messages?

With this problem, I started to search and read the full answer in the "Pro Git" 7.14 git-Tool-credential store, but when I first read it, I didn't know exactly what it was meant to say, so I kept trying and finally got it.

This article is as a supplement to an interpretation post.

What exactly is the credential store going to solve?

As we all know, we typically use SSH and HTTP protocols to access remote repositories.

The SSH protocol does not use the credential store discussed here. The key thing to describe here is the issue of credential storage under the HTTP protocol.

Why do you have this problem? Because git accesses the remote repository using the HTTP protocol, each request requires a user name and password along with a random code to prevent replay attacks.

So the Pro Git 7.14 git-Tool-The credential store indicates that, by default, a user name and password are required for each operation.

By default, why are you not required to enter your username password every time?

The first part of the "Pro Git" 7.14 git-Tool-credential store provides an explanation for this problem.

If you are a Mac system, git defaults to providing a osxkeychain helper program to manage your passwords, so that every time you need to provide a username and password, the osxkeychain helper program silently fills it out for you.

If you are a Windows system, you may already have installed it git-credential-winstore . If you are installing Gitgui, you are provided with the git-credential-manager .

In addition, you can also use git-credential-store and git-credential-cache to manage passwords, which store passwords in clear text in the file and the latter in memory.

And there are several ways that can exist at the same time.

How do we choose/Set the type of the helper program?

Before answering this question, let's take a quick look at what is an auxiliary program? This translation is actually a credential.helper configuration item, and we can view the current configuration with the following command:

git config --list | grep credential

MAC, the default output is:

include.path=.gitcredentialcredential.helper=osxkeychain

Corresponding to the Mac's "keychain" system, we can use the Mac system Menu page "Other keychain access" function, search git keyword view.

After Windows installs Gitgui, the default output is:

credential.helper=manager

Next, we set up a plain text file store, that is, the store type of global storage, using the following command to try:

git config --global credential.helper store

Although it is mentioned in the original store that you can use the--file command, the actual measurement is not valid at the command line. (not known for reasons)

However, you can accomplish this by directly editing the configuration file:

Set the global:

git config --global -e

Set for the current project:

git config --local -e

Then add it under the [Credential] configuration section:

helper = store --file $HOME/git-credentials/global.gitcredentialshelper = store

Where the path where the file is stored must be present in advance.

In two rows, the first row represents the specified directory, and the second row represents the default path.

(We have set the--global and--local respectively)

After running again

git config --list | grep credential

Output (MAC):

include.path=.gitcredentialcredential.helper=osxkeychaincredential.helper=store --file $HOME/git-credentials/global.gitcredentialscredential.helper=storecredential.helper=store --file $HOME/git-credentials/v-labs.gitcredentials

In other words, not only support Osxkeychain mode, but also support the store mode.

To test the effect, open the Keychain Access program (if it's a Mac), search for git, and delete all occurrences.

This is git push the time to use the command to commit changes remotely. (because more helpers are being set up, they are slower).

At this point, if prompted to enter the user name password, enter the correct value. When you are prompted to succeed, the password we just entered is stored in the credential store for all the auxiliary programs we have set up.

In the Keychain Access program, we also see a new credential information.

Since we have stored the password, where is the password and what is it?

Let's look at a few credential stores that use store types, they exist as text, and we've just set up both the specified path and the default path, so we can see the password by entering the following three commands:

localhost:~ volnet$ cd git-credentials/localhost:git-credentials volnet$ lsglobal.gitcredentials   v-labs.gitcredentialslocalhost:git-credentials volnet$ cat global.gitcredentials https://volnet:[email protected]localhost:git-credentials volnet$ cat v-labs.gitcredentials https://volnet:[email protected]localhost:git-credentials volnet$ cat ~/.git-credentials https://volnet:[email protected]

Of course, you can also read it using the commands mentioned in the "Pro Git" 7.14 git-Tool-credential store git credential-store --file ~/git.store store .

So, using the Mac's osxkeychain keychain management, can I get the password back?

The answer is YES!

localhost:git-credentials volnet$ git credential-osxkeychain getprotocol=httpshost=github.compassword=123321username=volnet

As you can see, the foo name of this helper program is mentioned in the "Pro Git" 7.14 git-Tool-credential store.

What is the role of get/store/erase?

From the Pro Git 7.14 git-Tool-The credential store, these three are all called actions, which are actually getting the password (GET)/Set Password (store)/delete password (erase) from the helper program.

Just get the password in the action, then we try to delete it. Execute the following command to try:

localhost:v-labs volnet$ git credential-osxkeychain eraseprotocol=httpshost=github.com

Verify again with the following code, there will be no return value. With the Keychain Access program, you will not see the newly added credentials.

localhost:git-credentials volnet$ git credential-osxkeychain getprotocol=httpshost=github.com
What is git credential fill for?

Every time you access a git push (or any other command that requires a user name password), the method is called, and it tries to get the user's password to the helper program according to from near's idea, and if successful, uses the obtained user password to access the remote repository. If it is not available, it will let the user enter it once and try to save it.

So the first time we used it, we were prompted to enter the username and password, which is because git internally called the command.

Can the helper program define itself?

The answer is certainly yes, and Ruby's example is also available in the Pro Git 7.14 git-Tool-credential store.

Step by step: Get your password back

The front said so much, are helping us to understand the entire voucher system, this paragraph with a coherent idea to retrieve their password:

GC-RMBP:~ volnet$ git config --list | grep credential.helpercredential.helper=osxkeychainGC-RMBP:~ volnet$ git credential-osxkeychain getprotocol=httpshost=github.compassword=123321username=volnet

The second command osxkeychain is made by the first one.

Just set up so much, I would like to delete those store storage how to deal with it?

We can use the idea of just directly editing the config file, and then save it directly after modification.

At the same time, we need to be aware that those passwords that have been stored in plaintext need to be deleted by ourselves.

You can also use the following command:

Use the following command to verify that the result should not be seen:

localhost:~ volnet$ git credential-store getprotocol=httpshost=github.com

At this point, all configuration-related content has been explained.

The conclusion is that if you do not intend to store the password in plaintext, use SSH as much as possible.

Resources
    1. Pro Git 7.14 git-Tool-Credential store

    2. Git Docs/git-credential-store

    3. Git Docs/git-credential-cache

    4. Apple Docs/osxkeychain

    5. Blog/git HTTPS or HTTP way to set remember user name and password method

    6. Blog/Use Git-credential-winstore to save HTTPS access passwords

Original link
    1. Https://github.com/volnet/volnet.github.io/blob/master/docs/tech/git/tips/git-credentials.md

    2. Https://volnet.github.io/#!docs/tech/git/tips/git-credentials.md

GIT credential store

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.