Remove password from mercurial_keyring (TortoiseHg on Windows)

Question

I am running TortoiseHg on Windows XP. I have the mercurial_keyring extension enabled.

Once a password is stored via the mercurial_keyring extension, is there any way to remove it?

A typical use case for this would be:

User A has no push privileges on a remote repository. User B, who is co-located, does have push privileges. User B enters his username and password on User A's machine to allow the push to happen.

How would I remove User B's credentials from User A's machine?

score 6 · Accepted Answer · answered Nov 08 '12 at 11:57

6

Win32 API calls to CredRead and CredWrite are used to save to the keyring. In other words, mercurial_keyring is saving credentials that you can manage with Windows Credential Manager (Win7), for XP it will be Run-rundll32.exe keymgr.dll, KRShowKeyMgr

From other side

Passwords are identified by the combination of username and remote address

thus, if hg-username of UserB isn't public, UserA will not get privileges escalation

answered Nov 08 '12 at 11:57

Lazy Badger

94,711
9
78
110

I came here because i was not able to find my Credential Manager in the settings, the options described in the linked KB Article are for some reason not available on my machine, but it turns out that running `rundll32.exe keymgr.dll, KRShowKeyMgr` also works on Win7. – Florian F Dec 10 '13 at 16:53

score 3 · Answer 2 · edited Apr 23 '15 at 04:13

3

On Windows 7, you can follow the instructions here (Control Panel -> User Accounts and Family Safety -> Credential Manager, and remove everything that says "Mercurial").

edited Apr 23 '15 at 04:13

Ayulin

2,240
2
14
11

answered Jul 02 '14 at 14:25

Dan Mitchell

715
1
7
13

Mekk · Answer 3 · 2016-03-31T14:35:52.703

2

In such a case I would probably just disable extension before pushing, still of course it is easy to forget it.

Having some way to clear the password is reasonable expectation, I will think about adding sth. Issue to follow: https://bitbucket.org/Mekk/mercurial_keyring/issue/45/some-way-to-clear-password-and-maybe

Update This is implemented since mercurial keyring 1.1.0 (published Nov 2015), mercurial keyring now brings

hg keyring_clear «path»

command which clears the password. It is less cute than using GUI tools, but works for any password backend (and uses exactly the same API which is used to save the password and the same logic to pick the proper backend).

edited Mar 31 '16 at 14:35

answered Jan 09 '15 at 20:36

Mekk

1,441
10
12

This command will only remove the password for the active user for this path (if several passwords had been stored, the not active ones will remain) – William Ledoux Sep 12 '18 at 08:44
On Windows, it will also not clear the entry in the windows credential manager, it will only somehow invalidate the password. – William Ledoux Sep 12 '18 at 08:49

score 1 · Answer 4 · edited Mar 09 '16 at 18:19

1

On Windows 8 and 10 it is:

Control Panel > User Accounts > Credential Manager > Windows Credentials.

edited Mar 09 '16 at 18:19

Felix Dombek

13,664
17
79
131

answered Jul 10 '14 at 19:53

Jack A.

4,245
1
20
34

Remove password from mercurial_keyring (TortoiseHg on Windows)

4 Answers4