Where are my git credential stored in vscode remote development?

Question

So I started to use vscode remote development capabilities via ssh. On an initial git pull on the vscode terminal, it (out of the box) did the OAuth and 2FA dance (opening a browser locally) to log me into github.

So far so automagically good.

However, I am not alone on the remote machine. A do not want that my github credentials can be accessed by another user.

When I issue a printf "protocol=https\nhost=github.com" | git credential fill in the remote vscode terminal, my credentials are dumped.

Where do these come from? And if located on the remote host, how can I erase my credentials?

When I run the above git credential fillcommand on a remote non-vscode shell, then nothing is dumped.

Also there is no credential helper configured on the remote machine.

On the local machine, the credential manager is configured, so

 printf "host=github.com\nusername=***\nprotocol=https" | git credential-manager get

will dump my credentials. So maybe vscode takes the credentials from this?

However, if I erase the credential locally with git credential-manager erase (and even after restarting vscode), the credentials still show in the vscode remote terminal.

See also Remove credentials from Git

Answer 1

On MS-Windows, vscode stores the credential locally in Windows Credential Manager (Anmeldeinformationen) under vscodevscode.github-authentication/github.auth.

After deleting this entry and restart of vscode remote session a printf "protocol=https\nhost=github.com" | git credential fill does not dump the existing credentials anymore, but wants to sign in again. So that verifies it.

Btw, the secret stored under vscodevscode.github-authentication/github.auth is not the github personal access token, but an oauth token.