3

I've git clone a repo from Github using the HTTPS remote url as recommended by Github.

I've also set up two-factor authentication in my Github account (also recommended), which means I had to generate a token to be able to push changes to my repo.

Now, every time I attempt to push git asks for my Username and Password.

This has been addressed a number of times here, and the consensus both in StackOverflow (Git asks for username everytime I push, How secure is storing password with Git?) and Github seems to be: don't use git config credential.helper store to remember your token, use git config --global credential.helper cache instead.

According to Github, I can set up a time to cache my token with:

git config --global credential.helper 'cache --timeout=3600'

Since the process of obtaining a new token is rather cumbersome, I want to store it for quite some time.

This is the point where I'm not sure I'm using the tool appropriately. Would it be ok if I set my token to be cached for say a month?

git config --global credential.helper 'cache --timeout=2592000'

This seems to me somewhat a convoluted way to go about this. Is this the way this should be done or am I simply doing things wrong?

Community
  • 1
  • 1
Gabriel
  • 40,504
  • 73
  • 230
  • 404
  • You should use private key authentication instead. – SLaks Mar 04 '15 at 20:28
  • But that would imply using SSH right? So I shouldn't use HTTPS as recommended by Github? – Gabriel Mar 04 '15 at 20:30
  • 1
    GitHub only recommends HTTPS because it works in more cases (some networks use firewalls that prevent cloning over SSH, but this is rare for HTTPS). – mipadi Mar 04 '15 at 20:45

0 Answers0