3

I have read a tons of topic about how to remove credential from a mac, and the most repetitive answer is "remove credential from native keychain".

It doesn't work, event if I remove github credential from keychain, after "git push" something is adding automatically again my credential to keychain.

What can be wrong ? And how to finally remove my password and email from a mac ?

Rob
  • 14,746
  • 28
  • 47
  • 65
discCard
  • 421
  • 1
  • 5
  • 16

2 Answers2

2

You can use the credential helper directly to erase the keychain entry.

To do this, type the following command:

$ git credential-osxkeychain erase
host=github.com
protocol=https
> [Press Return]

If it's successful, nothing will print out.

Github documentation

Thirumal
  • 8,280
  • 11
  • 53
  • 103
1

Git 2.42 (Q3 2023) suggests and documents git credential reject:

See commit 6c26da8, commit aeb21ce (15 Jun 2023) by M Hickford (hickford).
(Merged by Junio C Hamano -- gitster -- in commit 5ee8fcd, 23 Jun 2023)

credential: erase all matching credentials

Signed-off-by: M Hickford

credential reject sends the erase action to each helper, but the exact behaviour of erase isn't specified in documentation or tests.
Some helpers (such as credential-store and credential-libsecret) delete all matching credentials, others (such as credential-cache) delete at most one matching credential.

Test that helpers erase all matching credentials.
This behaviour is easiest to reason about.
Users expect that echo "url=https://example.com" | git credential reject or echo "url=https://example.com\nusername=tim" | git credential reject erases all matching credentials.

Fix credential-cache.

git credential now includes in its man page:

If the action is reject, git-credential will send the description to any configured credential helpers, which may erase any stored credentials matching the description.

Git 2.43 (Q4 2023) updates two credential helpers to correctly match which credential to erase; they dropped not the ones with stale password.

See commit cb626f8, commit 7144dee (26 Jul 2023) by M Hickford (hickford).
(Merged by Junio C Hamano -- gitster -- in commit bc92d2c, 28 Aug 2023)

credential/libsecret: erase matching creds only

Signed-off-by: M Hickford

The credential erase request typically includes protocol, host, username and password.

credential-libsecret erases a stored credential if it matches protocol, host and username, regardless of password.

This is confusing in the case the stored password differs from that in the request.
This case can occur when multiple credential helpers are configured.

Only erase credential if stored password matches request (or request omits password).

This fixes test "helper (libsecret) does not erase a password distinct from input" when t0303 is run with GIT_TEST_CREDENTIAL_HELPER set to "libsecret".
This test was added in aeb21ce ("credential: avoid erasing distinct password", 2023-06-13, Git v2.42.0-rc0 -- merge listed in batch #4).

VonC
  • 1,262,500
  • 529
  • 4,410
  • 5,250