Chuck
Posted on December 9, 2019
This is a second article in a series called "Git Authentication. In the previous article, I shared how I troubleshooted an authentication error, while working on lab assignments for Flatiron School. If you are interested in the previous article, click below.
DISCLAIMER: This solution works for my system. I have a single user system not connected to a work network, just a home office. Please investigate the best solution for you and your own security.
Options
There are several options Git provides for credentials with the HTTPS protocol. In am escalating order of options:
- Cache credentials helper - GIT Authentication Errors
- Store credentials helper
- Local OS keyring helpers - this articles purpose
Caching credentials
This is an option I dismissed very quickly, as I was looking for a viable option for my single user computer. To be fair, I do need to introduce this feature as another options
Details
The good news is that caching is quite secure because it keeps data only in memory. Just remember, every time you open new session, you need to type your credentials again. Memory is purged after 900 seconds (15 min) by default, but it can be changed with optional timeout parameter.
git config --global credential.helper 'cache --timeout=300'
Read more from the Official Documentation
### More Secure Steps
After setting up a Credential Store, I became increasingly more uncomfortable with this method. Even though I use a single use computer, it is basically a plain text method. Therefore, it does not matter if you have a 32 character password with uppercase and special characters, it is still plain text.
Details
The directions here are based on a Ubuntu 19.10 system. There are other options for Mac and Windows. The basic idea is to use your Operating System's secure keyring.
Five years ago, the best way to store Git credentials on Linux was to use the GNOME Keyring (libgnome-keyring), but as it is specific to GNOME, it is deprecated since January 2014. For Git versions 2.11+ you should use credential helper based on libsecret. Installation and configuration takes only four bash commands:
sudo apt-get install libsecret-1-0 libsecret-1-dev
cd /usr/share/doc/git/contrib/credential/libsecret
sudo make
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret
All done! ✅
The next time you use git you’ll be asked for your username and password will be the last time on your device
Posted on December 9, 2019
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.