33

I use Git at my workplace, and company policy doesn't allow me to store passwords in an insecure way. Is there any better option than using `git config credential.helper store` for storing the password to the Git server?

P.S. Can't use key-authentication as it's not allowed on our server.

dk14
  • 1
    It's better security to avoid passwords altogether. If you can, use ssh and ssh keys to access the repository. – Schwern Jan 23 '15 at 07:49
  • Agree, I use it for GitHub, but unfortunately our server uses `https` only. I can't change it as it's corporate policy(?). – dk14 Jan 23 '15 at 07:50
  • I hope you mean `https`. – Schwern Jan 23 '15 at 07:50
  • The question mark tells me you don't know if it's policy. Many times these things aren't. Even if it is, policies can be changed. Up to you to decide if it's worth making the suggestion. – Schwern Jan 23 '15 at 07:53

1 Answer

70

`git config credential.helper store` is not very secure; as the documentation says:

> Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions
>
> The ~/.git-credentials file will have its filesystem permissions set to prevent other users on the system from reading it, but will not be encrypted or otherwise protected.

So it stores your password as is. Git allows you to use your keychain with `git config --global credential.helper osxkeychain` on OS X, so it seems to be more secure. On a Linux system you may use `git config credential.helper cache`, which stores passwords in memory. Or you can write your own, as it says in `git help credentials`:

> You can write your own custom helpers to interface with any system in which you keep credentials. See the documentation for Git's credentials API for details

Besides, @VonC pointed to the cross-platform GPG-based solution. See also this question about the `.netrc` file.

There is also a gnome-keyring helper for Linux (thanks to @jazakmeister for the advice).

dk14
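As an added illustration of the "write your own custom helpers" option in the answer above (not code from the post or from Git itself): a helper that speaks Git's `get`/`store`/`erase` helper protocol and keeps the password in the desktop keyring through libsecret's `secret-tool` instead of `~/.git-credentials`. It assumes `secret-tool` is installed and that the username comes from the remote URL or `credential.username`; the helper name `git-credential-example` is hypothetical.

```python
#!/usr/bin/env python3
"""Custom Git credential helper backed by libsecret's secret-tool (added example)."""
import subprocess
import sys

def parse_request(text):
    """Parse the key=value lines Git writes to stdin; a blank line ends them."""
    fields = {}
    for line in text.splitlines():
        if not line:
            break
        key, sep, value = line.partition("=")  # values may contain '='
        if sep:
            fields[key] = value
    return fields

def _attrs(req):
    """Identifying fields as secret-tool 'attribute value' arguments."""
    return [x for k in ("protocol", "host", "username") if req.get(k) for x in (k, req[k])]

class SecretToolStore:
    """Assumes the secret-tool CLI and an unlocked desktop keyring are available."""
    def get(self, req):
        out = subprocess.run(["secret-tool", "lookup", *_attrs(req)],
                             capture_output=True, text=True)
        return out.stdout.rstrip("\n") if out.returncode == 0 else None

    def store(self, req):
        # The secret is passed on stdin, never in argv where `ps` could show it.
        subprocess.run(["secret-tool", "store", "--label=git " + req.get("host", ""),
                        *_attrs(req)], input=req["password"], text=True, check=True)

    def erase(self, req):
        subprocess.run(["secret-tool", "clear", *_attrs(req)])

def handle(operation, text, backend):
    """Run one helper invocation and return what to print on stdout."""
    req = parse_request(text)
    if operation == "get":
        password = backend.get(req)
        return f"password={password}\n" if password else ""
    if operation == "store" and "password" in req:
        backend.store(req)
    elif operation == "erase":
        backend.erase(req)
    return ""  # store/erase print nothing; unknown operations are ignored

if __name__ == "__main__":
    op = sys.argv[1] if len(sys.argv) > 1 else ""
    sys.stdout.write(handle(op, sys.stdin.read(), SecretToolStore()))
```

Saved as an executable named `git-credential-example` on `PATH`, it is enabled with `git config --global credential.helper example`.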