185

Is it possible to use a .netrc file on Windows when I'm using Git to clone a remote repository with HTTP and user - password?

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
Bernd Klaus
  • 1,915
  • 3
  • 13
  • 5

4 Answers4

227

Is it possible to use a .netrc file on Windows?

Yes: You must:

  • define environment variable %HOME% (pre-Git 2.0, no longer needed with Git 2.0+)
  • put a _netrc file in %HOME%

If you are using Windows 7/10, in a CMD session, type:

setx HOME %USERPROFILE%

and the %HOME% will be set to 'C:\Users\"username"'.
Go that that folder (cd %HOME%) and make a file called '_netrc'

Note: Again, for Windows, you need a '_netrc' file, not a '.netrc' file.

Its content is quite standard (Replace the <examples> with your values):

machine <hostname1>
login <login1>
password <password1>
machine <hostname2>
login <login2>
password <password2>

Luke mentions in the comments:

Using the latest version of msysgit on Windows 7, I did not need to set the HOME environment variable. The _netrc file alone did the trick.

This is indeed what I mentioned in "Trying to “install” github, .ssh dir not there":
git-cmd.bat included in msysgit does set the %HOME% environment variable:

@if not exist "%HOME%" @set HOME=%HOMEDRIVE%%HOMEPATH%
@if not exist "%HOME%" @set HOME=%USERPROFILE%

爱国者 believes in the comments that "it seems that it won't work for http protocol"

However, I answered that netrc is used by curl, and works for HTTP protocol, as shown in this example (look for 'netrc' in the page): . Also used with HTTP protocol here: "_netrc/.netrc alternative to cURL".

A common trap with with netrc support on Windows is that git will bypass using it if an origin https url specifies a user name.

For example, if your .git/config file contains: 

[remote "origin"]
     fetch = +refs/heads/*:refs/remotes/origin/*
     url = https://bob@code.google.com/p/my-project/

Git will not resolve your credentials via _netrc, to fix this remove your username, like so: 

[remote "origin"]
     fetch = +refs/heads/*:refs/remotes/origin/*
     url = https://code.google.com/p/my-project/

Alternative solution: With git version 1.7.9+ (January 2012): This answer from Mark Longair details the credential cache mechanism which also allows you to not store your password in plain text as shown below.

With Git 1.8.3 (April 2013):

You now can use an encrypted .netrc (with gpg).
On Windows: %HOME%/_netrc (_, not '.')

A new read-only credential helper (in contrib/) to interact with the .netrc/.authinfo files has been added.

That script would allow you to use gpg-encrypted netrc files, avoiding the issue of having your credentials stored in a plain text file.

Files with the .gpg extension will be decrypted by GPG before parsing.
Multiple -f arguments are OK. They are processed in order, and the first matching entry found is returned via the credential helper protocol.

When no -f option is given, .authinfo.gpg, .netrc.gpg, .authinfo, and .netrc files in your home directory are used in this order.

To enable this credential helper:

git config credential.helper '$shortname -f AUTHFILE1 -f AUTHFILE2'

(Note that Git will prepend "git-credential-" to the helper name and look for it in the path.)

# and if you want lots of debugging info:
git config credential.helper '$shortname -f AUTHFILE -d'

#or to see the files opened and data found:
git config credential.helper '$shortname -f AUTHFILE -v'

See a full example at "Is there a way to skip password typing when using https:// github"

With Git 2.18+ (June 2018), you now can customize the GPG program used to decrypt the encrypted .netrc file.

See commit 786ef50, commit f07eeed (12 May 2018) by Luis Marsano (``).
(Merged by Junio C Hamano -- gitster -- in commit 017b7c5, 30 May 2018)

git-credential-netrc: accept gpg option

git-credential-netrc was hardcoded to decrypt with 'gpg' regardless of the gpg.program option.
This is a problem on distributions like Debian that call modern GnuPG something else, like 'gpg2'

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250
  • @Luke: yes, the `git-cmd.bat` included in msysgit does set the `%HOME%` environment variable, as I mentioned last December: http://stackoverflow.com/questions/8514097/trying-to-install-github-ssh-dir-not-there/8531157#8531157 – VonC Jan 23 '12 at 21:39
  • @爱国者 `netrc` is used by `curl`, and works for `http` protocol, as shown in this example (look for '`netrc`' in the page): http://maymay.net/blog/2008/08/08/how-to-use-http-basic-authentication-with-git/ . Also used with http protocol here: http://stackoverflow.com/questions/5193643/netrc-netrc-alternative-to-curl – VonC Feb 03 '12 at 04:58
  • @VonC I just added another trap both Marc and I hit to the bottom. – Sam Saffron May 11 '12 at 05:29
  • @SamSaffron What version of Git are you using? Just to make sure it isn't related to http://stackoverflow.com/questions/10464250/remote-pushurl-wont-work and https://github.com/git/git/blob/master/Documentation/RelNotes/1.7.8.txt#L134-137 – VonC May 11 '12 at 06:35
  • @VonC I am on 1.7.6 ... but Marc is on 1.7.8, so it must be a different issue – Sam Saffron May 11 '12 at 06:41
  • In the _netrc file, the value for "machine" should be something like: "githubenterprise.mycompany.com" – Hawkeye Parker Jun 28 '12 at 21:57
  • @HawkeyeParker yes, it should be the fqn (fully qualified name) of your Git server. – VonC Jun 28 '12 at 22:03
  • On my work machine the _netrc method would not work when placed into my profile C:\Users\Name.Domain. Moved to C:\Users\Name and it works. – SurfRat Jun 12 '13 at 06:27
  • Do you know how to solve this question?http://programmers.stackexchange.com/questions/209140/gitshell-how-can-i-not-type-the-username-and-passwords – HyperGroups Aug 22 '13 at 13:01
  • @HyperGroups yes: use an encrypted `_netrc` file in your `%HOME%`, as [described in this answer](http://stackoverflow.com/a/18362082/6309). By the way, your question is a Stack Overflow question, not a programmers.SE one. – VonC Aug 22 '13 at 13:21
  • @Vonc I've tried that, seems failed,,,bad ,,,Should I restart computer? Let me check and do that again... – HyperGroups Aug 22 '13 at 13:25
  • @HyperGroups you can try and restart your computer, but if it still fails, ask a question on Stack Overflow with as many details as you can, and the *exact* error message. – VonC Aug 22 '13 at 14:09
  • @VonC Fine, today it's ok now, I'm not sure which method makes it works well, wish it'll good as always. If it doesn't work well, then I'll edit and add more details and ask you again, thanks. – HyperGroups Aug 23 '13 at 06:31
  • This method does not work for me. Git always prompts for passphrase. Using windows 8, openssh, tortoise git and windows git. For machine am just using github.com. I set the HOME dir to my home, where the _netrc file is, no luck. – John Little Jul 14 '14 at 18:23
  • @JohnLittle strange: it works fine for me (with msysgit, not tested with TortoiseGit). Note, openssh has nothing to do with this credential helper, which is only for https url, not ssh. – VonC Jul 14 '14 at 18:27
  • Well, the `_netrc` didn't work for me on a `Windows 7` PC, but the `.netrc` worked for [youtube-dl](https://github.com/rg3/youtube-dl) with the `--netrc` argument passed to it. – Iulian Onofrei Apr 12 '15 at 23:07
  • This is important content (I got here while researching something at work). Perhaps reverse the order so that the most important information comes first (information about newer versions of Git comes first)? And perhaps remove the historical information, "(Original answer)", "Update late 2012", etc. The dates should be the release dates for the Git versions, not when this post was updated. This answer could be divided into subsections, for each Git version range. – Peter Mortensen Aug 28 '18 at 19:20
  • @PeterMortensen I see... a bit more complex than "active reading", then ;) I'll get on it shortly. – VonC Aug 28 '18 at 19:23
  • @PeterMortensen I have reorganized the answer as requested. Let me know how I can improve it further, if needed. – VonC Aug 29 '18 at 06:11
  • @VonC can you please help me? I am having WIndows Server 2019 and I am not able to set HOME environment variable. When I list vars with `set` I do not see that in the list only `HOMEPATH`, but if I open manually `Edit environment variables` I do see `HOME` env. What is the issue? I have defined `_netrc` file but it seems it does not work for that reason. `echo %HOME%` has as output `%HOME%` Thanks a lot! – vel Jun 12 '22 at 12:40
  • 1
    @AndreyS If you see `HOME` defined in your user environment variables, but you don't see it when typing `set HOME` in your current CMD, you need to open a *new* CMD in order for said shell session to inherit the variables you have defined. – VonC Jun 12 '22 at 14:32
36

You can also install Git Credential Manager for Windows to save Git passwords in Windows credentials manager instead of _netrc. This is a more secure way to store passwords.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
KindDragon
  • 6,558
  • 4
  • 47
  • 75
  • 8
    Great answer, this is the only answer I've found that lets me keep the simplicity of username/password (securely) without having to deal with all that SSH crap. – Kirk Woll Oct 15 '12 at 17:17
  • @KirkWoll see my update answer above: you now can store your credentials in an encrypted `.netrc` file. You won't have to enter those credential even once during the session. – VonC Apr 23 '13 at 12:06
11

This will let Git authenticate on HTTPS using .netrc:

  • The file should be named _netrc and located in c:\Users\<username>.
  • You will need to set an environment variable called HOME=%USERPROFILE% (set system-wide environment variables using the System option in the control panel. Depending on the version of Windows, you may need to select "Advanced Options".).
  • The password stored in the _netrc file cannot contain spaces (quoting the password will not work).
Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
EBlake
  • 735
  • 7
  • 14
  • Simplest and best solution. Worked like charm with Android Studio, Source Tree and Git command line. I had to use this when Google recommended Cloud SDK credential.helper option failed and had to manually generate credentials and use with net rc file. In my case I didn't require option 2 and 3. – Hari Dec 20 '16 at 02:14
0

I am posting a way to use _netrc to download materials from the site www.course.com.

If someone is going to use the coursera-dl to download the open-class materials on www.coursera.com, and on the Windows OS someone wants to use a file like ".netrc" which is in like-Unix OS to add the option -n instead of -U <username> -P <password> for convenience. He/she can do it like this:

  1. Check the home path on Windows OS: setx HOME %USERPROFILE%(refer to VonC's answer). It will save the HOME environment variable as C:\Users\"username".

  2. Locate into the directory C:\Users\"username" and create a file name _netrc.NOTE: there is NOT any suffix. the content is like: machine coursera-dl login <user> password <pass>

  3. Use a command like coursera-dl -n --path PATH <course name> to download the class materials. More coursera-dl options details for this page.

Peter Mortensen
  • 30,738
  • 21
  • 105
  • 131
BO.LI
  • 315
  • 1
  • 10