Merge branch 'mh/doc-credential-helpers-with-pat' · freshlybakedca.ke/git@6ecb4fc

Git fork

Merge branch 'mh/doc-credential-helpers-with-pat'

Document that it is insecure to use Personal Access Tokens, which
some hosting providers take as username/password, embedded in URLs.

* mh/doc-credential-helpers-with-pat:
docs: discuss caching personal access tokens
docs: list popular credential helpers

Junio C Hamano 1 year ago 6ecb4fc1 294673a1

+46 -12

2 changed files

expand all

Documentation

git-credential-cache.txt

gitcredentials.txt

+17

Documentation/git-credential-cache.txt

··· 78 78 $ git config credential.helper 'cache --timeout=3600' 79 79 ------------------------------------------------------- 80 80 81 + PERSONAL ACCESS TOKENS 82 + ---------------------- 83 + 84 + Some remotes accept personal access tokens, which are randomly 85 + generated and hard to memorise. They typically have a lifetime of weeks 86 + or months. 87 + 88 + git-credential-cache is inherently unsuitable for persistent storage of 89 + personal access tokens. The credential will be forgotten after the cache 90 + timeout. Even if you configure a long timeout, credentials will be 91 + forgotten if the daemon dies. 92 + 93 + To avoid frequently regenerating personal access tokens, configure a 94 + credential helper with persistent storage. Alternatively, configure an 95 + OAuth credential helper to generate credentials automatically. See 96 + linkgit:gitcredentials[7], sections "Available helpers" and "OAuth". 97 + 81 98 GIT 82 99 --- 83 100 Part of the linkgit:git[1] suite

+29 -12

Documentation/gitcredentials.txt

··· 66 66 credential-generating helper might generate credentials for certain servers via 67 67 some API. 68 68 69 - To use a helper, you must first select one to use. Git currently 70 - includes the following helpers: 71 - 72 - cache:: 73 - 74 - Cache credentials in memory for a short period of time. See 75 - linkgit:git-credential-cache[1] for details. 76 - 77 - store:: 78 - 79 - Store credentials indefinitely on disk. See 80 - linkgit:git-credential-store[1] for details. 69 + To use a helper, you must first select one to use (see below for a list). 81 70 82 71 You may also have third-party helpers installed; search for 83 72 `credential-*` in the output of `git help -a`, and consult the ··· 106 95 107 96 === Available helpers 108 97 98 + Git currently includes the following helpers: 99 + 100 + cache:: 101 + 102 + Cache credentials in memory for a short period of time. See 103 + linkgit:git-credential-cache[1] for details. 104 + 105 + store:: 106 + 107 + Store credentials indefinitely on disk. See 108 + linkgit:git-credential-store[1] for details. 109 + 110 + Popular helpers with secure persistent storage include: 111 + 112 + - git-credential-libsecret (Linux) 113 + 114 + - git-credential-osxkeychain (macOS) 115 + 116 + - git-credential-wincred (Windows) 117 + 118 + - https://github.com/git-ecosystem/git-credential-manager[Git Credential Manager] (cross platform, included in Git for Windows) 119 + 109 120 The community maintains a comprehensive list of Git credential helpers at 110 121 https://git-scm.com/doc/credential-helpers. 111 122 ··· 115 126 OAuth credential helper. Initial authentication opens a browser window to the 116 127 host. Subsequent authentication happens in the background. Many popular Git 117 128 hosts support OAuth. 129 + 130 + Popular helpers with OAuth support include: 131 + 132 + - https://github.com/git-ecosystem/git-credential-manager[Git Credential Manager] (cross platform, included in Git for Windows) 133 + 134 + - https://github.com/hickford/git-credential-oauth[git-credential-oauth] (cross platform, included in many Linux distributions) 118 135 119 136 CREDENTIAL CONTEXTS 120 137 -------------------