I want to use a push and pull automatically in Git Extensions, Sourcetree or any other Git GUI without entering my username and password in a prompt, every time.
So how can I save my credentials in Git?
Attention: This method saves the credentials in plaintext on your PC's disk. Everyone on your computer can access it, e.g. malicious NPM modules.
Run
git config --global credential.helper store
then
git pull
provide a username and password and those details will then be remembered later. The credentials are stored in a file on the disk, with the disk permissions of "just user readable/writable" but still in plaintext.
If you want to change the password later
git pull
Will fail, because the password is incorrect, git then removes the offending user+password from the ~/.git-credentials
file, so now re-run
git pull
to provide a new password so it works as earlier.
You can use the git config
to enable credentials storage in Git.
git config --global credential.helper store
When running this command, the first time you pull or push from the remote repository, you'll get asked about the username and password.
Afterwards, for consequent communications with the remote repository you don't have to provide the username and password.
The storage format is a .git-credentials
file, stored in plaintext.
Also, you can use other helpers for the git config credential.helper
, namely memory cache:
git config credential.helper 'cache --timeout=<timeout>'
which takes an optional timeout parameter
, determining for how long the credentials will be kept in memory. Using the helper, the credentials will never touch the disk and will be erased after the specified timeout. The default
value is 900 seconds (15 minutes).
Warning: If you use this method, your Git account passwords will be saved in plaintext format, in the global .gitconfig file
, e.g in Linux it will be /home/[username]/.gitconfig
.
If this is undesirable to you, use an ssh key
for your accounts instead.
git config credential.helper cache
the passwords will not be saved to a file, only stored in memory. See: git-scm.com/docs/git-credential-cache
Recommended and secure method: SSH
Create an SSH GitHub key. Go to github.com → Settings → SSH and GPG keys → New SSH Key. Now save your private key to your computer.
Then, if the private key is saved as id_rsa in the ~/.ssh/ directory, we add it for authentication as such:
ssh-add -K ~/.ssh/id_rsa
A more secure method: Caching
We can use git-credential-cache to cache our username and password for a time period. Simply enter the following in your CLI (terminal or command prompt):
git config --global credential.helper cache
You can also set the timeout period (in seconds) as such:
git config --global credential.helper 'cache --timeout=3600'
~/.ssh/id_rsa
, no more securely than ~/.git-credentials
? Also the credential.helper store method does not put the password / token in .gitconfig Also due to quirks of sites like GitHub you get more fine-grained control over permissions on a Personal Access Token than an SSH public key. So for that specific case I'd say PAT with credential helper is "more secure"
Turn on the credential helper so that Git will save your password in memory for some time:
In Terminal, enter the following:
# Set Git to use the credential memory cache
git config --global credential.helper cache
By default, Git will cache your password for 15 minutes.
To change the default password cache timeout, enter the following:
# Set the cache to timeout after 1 hour (setting is in seconds)
git config --global credential.helper 'cache --timeout=3600'
From GitHub Help.
cache
part with store
. So, the full command will be: git config --global credential.helper store
. Note that this will store Your password in a open-text file (without any encryption, so to say).
--timeout
parameter?
You can edit the ~/.gitconfig
file to store your credentials:
sudo nano ~/.gitconfig
Which should already have
[user]
email = your@email.com
user = gitUSER
You should add the following at the bottom of this file.
[credential]
helper = store
The reason I recommend this option is because it is global and if at any point you need to remove the option you know where to go and change it.
Only use this option in you personal computer.
Then when you pull | clone| enter you Git password, in general, the password will be saved in ~/.git-credentials
in the format
https://gituser:gitpassword@domain.xxx
Where DOMAIN.XXX could be github.com, bitbucket.org, or others
See the documentation.
Restart your terminal.
exec bash
After going over dozens of Stack Overflow posts, blogs, etc., I tried out every method, and this is what I came up with. It covers everything.
The vanilla DevOps Git credentials & private packages cheat sheet
These are all the ways and tools by which you can securely authenticate Git to clone a repository without an interactive password prompt.
SSH public keys SSH_ASKPASS
SSH_ASKPASS
API access tokens GIT_ASKPASS .gitconfig insteadOf .gitconfig [credential] .git-credentials .netrc
GIT_ASKPASS
.gitconfig insteadOf
.gitconfig [credential]
.git-credentials
.netrc
Private packages (for free)
Node.js / npm package.json
Python / pip / eggs requirements.txt
Ruby gems Gemfile
Go go.mod
The Silver Bullet
Want Just Works™? This is the magic silver bullet.
Get your access token (see the section in the cheat sheet if you need the GitHub or Gitea instructions for that) and set it in an environment variable (both for local development and deployment):
MY_GIT_TOKEN=xxxxxxxxxxxxxxxx
For GitHub, copy and run these lines verbatim:
git config --global url."https://api:$MY_GIT_TOKEN@github.com/".insteadOf "https://github.com/"
git config --global url."https://ssh:$MY_GIT_TOKEN@github.com/".insteadOf "ssh://git@github.com/"
git config --global url."https://git:$MY_GIT_TOKEN@github.com/".insteadOf "git@github.com:"
Congratulations. Now any automated tool cloning Git repositories won't be obstructed by a password prompt, whether using HTTPS or either style of an SSH URL.
Not using GitHub?
For other platforms (Gitea, GitHub, and Bitbucket), just change the URL. Don't change the usernames (although arbitrary, they're needed for distinct configuration entries).
Compatibility
This works locally in macOS, Linux, Windows (in Bash), Docker, CircleCI, Heroku, Akkeris, etc.
More information
See the ".gitconfig insteadOf" section of the cheat sheet.
Security
See the "Security" section of the cheat sheet.
git config --global credential."https://somegithost.com".username MyUserName
, which is in your cheatsheet, but not anywhere else in this answer thread. That particular solution doesn't answer the OP's question, but it answered mine, so thanks!
I think it's safer to cache credentials, instead of storing it forever:
git config --global credential.helper 'cache --timeout=10800'
Now you can enter your username and password (git pull
or ...), and keep using Git for the next three hours.
It is nice and safe.
The unit for timeout is seconds (three hours in this example).
'cache'
part seemed to be interpreted as the value of credentials.helper
to set, and --timeout
was interpreted as another option of git config
, which made syntax error. This makes sense to be honest considering how command options are usually parsed. Using 'cache --timeout=<secs>'
in quotes makes it explicit that this whole thing must be the set value under credential.helper
and his just more portable. No space for interpretation how to read --timemout
part.
git config --global -e
and as the Walter white said, "You are God damn right!" :). thanks, I'll edit my answer
Just put your credentials in the URL like this:
https://Username`**:**`Password`**@**`github.com/myRepoDir/myRepo.git`
You may store it like this:
git remote add myrepo https://Userna...
...example to use it:
git push myrepo master`
Now that is to List the URL aliases:
git remote -v
...and that the command to delete one of them:
git remote rm myrepo
git@github.com:Username/myRepo.git
https
, not ssh
, so a solution like this can be useful there. Note also that you can use an oauth-token, which is marginally more secure that your GitHub password.
For global settings, open the terminal (from anywhere), run the following:
git config --global user.name "your username"
git config --global user.password "your password"
By that, any local Git repository that you have on your machine will use that information.
You can individually configure for each repository by doing:
open the terminal at the repository folder.
run the following: git config user.name "your username" git config user.password "your password"
It affects only that folder (because your configuration is local).
--local
tag but again nothing happens
git config --global
is still only accessible to the user, at ~/.gitconfig
, so in that sense it is probably no worse than a private ssh key (with no password protection) in your home directory, or things like ~/.aws/config
for aws cli. If you used --system
for git config it would be available to all users on your computer, so better not do that, and no need to, although it would still be limited to the other users on your computer.
You can use git-credential-store to store your passwords unencrypted on the disk, protected only by the permissions of the file system.
Example
git config credential.helper store
git push http://example.com/repo.git
Username: <type your username>
Password: <type your password>
[Several days later]
git push http://example.com/repo.git
[Your credentials are used automatically]
You can check the credentials stored in the file ~/.git-credentials
.
For more information, visit git-credential-store - Helper to store credentials on disk.
Apart from editing the ~/.gitconfig
file, that you can do if you call from the command line:
git config --local --edit
or
git config --global --edit
https://i.stack.imgur.com/T4Iid.png
You can also use the command line to edit the git config file directly (without the editor)
git config --local user.name 'your username'
git config --local user.password 'your password'
or
git config --global user.name 'your username'
git config --global user.password 'your password'
Note to always use single quotes. Your username and password may use some characters that would break your password if you use double quotes.
--local
or --global
means configuration parameters are saved for the project or for the OS user.
Store username and password in .git-credentials
.git-credentials
is where your username and password (access token) is stored when you run git config --global credential.helper store
, which is what other answers suggest, and then type in your username and password or access token:
https://${username_or_access_token}:${password_or_access_token}@github.com
So, in order to save the username and password (access token):
git config —-global credential.helper store
echo “https://${username}:${password_or_access_token}@github.com“ > ~/.git-credentials
This is very useful for a GitHub robot, e.g. to solve Chain automated builds in the same Docker Hub repository by having rules for different branch and then trigger it by pushing to it in the post_push
hook in Docker Hub.
An example of this can be seen here on Stack Overflow.
You will be more secure if you use SSH authentication than username/password authentication.
If you are using a Mac, SSH client authentication is integrated into the macOS keychain. Once you have created an SSH key, type into your terminal:
ssh-add -K ~/.ssh/id_rsa
This will add the SSH private key to the macOS keychain. The Git client will use SSH when it connects to the remote server. As long as you have registered your ssh public key with the server, you will be fine.
SSH
access. Using HTTP authentication, someone who steal the credentials would only have access to GitHub/GitLab
. Also token are designed to have a limited life.
In that case, you need git credential helper to tell Git to remember your GitHub password and username by using following command line:
git config --global credential.helper wincred
And if you are using a repository using an SSH key then you need the SSH key to authenticate.
wincred
is obsoleted, see stackoverflow.com/a/53184233/5281824
None of the previous answers worked for me. I kept getting the following every time I wanted to fetch
or pull
:
Enter passphrase for key '/Users/myusername/.ssh/id_rsa':
For Macs
I was able to stop it from asking my passphrase by:
Open config by running: vi ~/.ssh/config Added the following: UseKeychain yes Saved and quit: Press Esc, and then enter :wq!
For Windows
I was able to get it to work using the information in this Stack Exchange post: How to avoid being asked passphrase each time I push to Bitbucket
Just use
git config --global credential.helper store
And do the git pull. It will ask for a username and password. From now on it will not provide any prompt for username and password. It will store the details.
As of 2021, there is a secure user-friendly cross-platform solution for HTTPS remotes. No more typing passwords! No more SSH keys! No more personal access tokens!
Install Git Credential Manager developed by GitHub (downloads). It supports passwordless in-browser OAuth authentication to GitHub, BitBucket, Azure and GitLab. This means you can enable two-factor authentication on GitHub and the other platforms, greatly improving the security of your accounts.
When you push, you are offered a choice of authentication methods:
> git push
Select an authentication method for 'https://github.com/':
1. Web browser (default)
2. Device code
3. Personal access token
option (enter for default): 1
info: please complete authentication in your browser...
On Linux, a tiny bit of setup is required. The following caches credentials in memory for 20 hours, so you have to authenticate at most once per day.
git-credential-manager-core configure
git config --global credential.credentialStore cache
git config --global credential.cacheoptions "--timeout 72000"
Power users familiar with gnome-keyring or KWallet may prefer to change the credential store to libsecret.
Cosmetic configuration (docs):
Prefer choosing authentication method at terminal rather than in GUI (fewer clicks) Always use browser method rather than be asked every time (even fewer keypresses)
git config --global credential.guiPrompt false
git config --global credential.gitHubAuthModes browser
Save the username and password globally:
git config --global user.name "fname lname"
git config --global user.email "example@gmail.com"
git config --global user.password "secret"
Get a specific setting,
git config --global --get user.name
git config --global --get user.email
git config --global --get user.password
Getting all Git settings:
git config --list --show-origin
Check official Git documentation:
If you use the SSH transport for connecting to remotes, it’s possible for you to have a key without a passphrase, which allows you to securely transfer data without typing in your username and password. However, this isn’t possible with the HTTP protocols – every connection needs a username and password. This gets even harder for systems with two-factor authentication, where the token you use for a password is randomly generated and unpronounceable. Fortunately, Git has a credentials system that can help with this. Git has a few options provided in the box: The default is not to cache at all. Every connection will prompt you for your username and password. The “cache” mode keeps credentials in memory for a certain period of time. None of the passwords are ever stored on disk, and they are purged from the cache after 15 minutes. The “store” mode saves the credentials to a plain-text file on disk, and they never expire. This means that until you change your password for the Git host, you won’t ever have to type in your credentials again. The downside of this approach is that your passwords are stored in cleartext in a plain file in your home directory. If you’re using a Mac, Git comes with an “osxkeychain” mode, which caches credentials in the secure keychain that’s attached to your system account. This method stores the credentials on disk, and they never expire, but they’re encrypted with the same system that stores HTTPS certificates and Safari auto-fills. If you’re using Windows, you can install a helper called “Git Credential Manager for Windows.” This is similar to the “osxkeychain” helper described above, but uses the Windows Credential Store to control sensitive information. It can be found at https://github.com/Microsoft/Git-Credential-Manager-for-Windows. You can choose one of these methods by setting a Git configuration value:
git config --global credential.helper cache
git config --global credential.helper store
From 7.14 Git Tools - Credential Storage
From the comment by rofrol, on Linux Ubuntu, from this answer, here's how to do it on Ubuntu:
sudo apt-get install libsecret-1-0 libsecret-1-dev
cd /usr/share/doc/git/contrib/credential/libsecret
sudo make
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret
Some other distributions provide the binary, so you don't have to build it.
In OS X, it typically comes "built" with a default module added of "osxkeychain", so you get it for free. Both the OS X built-in one and the homebrew variety have it present by default.
If you are using the Git Credential Manager on Windows...
git config -l
should show:
credential.helper=manager
However, if you are not getting prompted for a credential then follow these steps:
Open Control Panel from the Start menu Select User Accounts Select Manage your credentials in the left hand menu Delete any credentials related to Git or GitHub
Also ensure you have not set HTTP_PROXY
, HTTPS_PROXY
, NO_PROXY
environmental variables if you have proxy and your Git server is on the internal network.
You can also test Git fetch/push/pull using git-gui
which links to credential manager binaries in C:\Users\<username>\AppData\Local\Programs\Git\mingw64\libexec\git-core
For Windows users, look at the .gitconfig file and check what has been configured for the credential helper. If you have the following...
[credential "helperselector"] selected = wincred
you'll find the credentials in the Windows Credential Manager.
https://i.stack.imgur.com/RrIIT.png
There you can edit the credential.
Note: Wincred has been deprecated, see...
So alternatively you may want to reconfigure Git to use the built-in Git credential manager...
git config --global credential.helper manager
After reading the answers in full and experimenting with most of the answers to this question, I eventually found the procedure that works for me. I want to share it in case someone has to deal with a complex use case, but still do not want to go through all the answers and the gitcredentials, gitcredentials-store etc. man pages, as I did.
Find below the procedure I suggest IF you (like me) have to deal with several repositories from several providers (GitLab, GitHub, Bitbucket, etc.) using several different username / password combinations. If you instead have only a single account to work with, then you might be better off employing the git config --global credential.helper store
or git config --global user.name "your username"
etc. solutions that have been very well explained in previous answers.
My solution:
Unset global credentials helper, in case some former experimentation gets in the way :) git config --global --unset credentials.helper Move to the root directory of your repo and disable the local credential helper (if needed) cd /path/to/my/repo git config --unset credential.helper` Create a file to store your repo's credentials into git config credential.helper 'store --file ~/.git_repo_credentials' Note: this command creates a new file named ".git_repo_credentials" into your home directory, to which Git stores your credentials. If you do not specify a file name, Git uses the default ".git_credentials". In this case simply issuing the following command will do: git config credential.helper store set your username git config credential.*.username my_user_name Note: using "*" is usually ok if your repositories are from the same provider (e.g. GitLab). If instead your repositories are hosted by different providers then I suggest to explicitly set the link to the provider for every repository, like in the following example (for GitLab): git config credential.https://gitlab.com.username my_user_name
At this point, if you issue a command requiring your credentials (e.g. git pull
), you will be asked for the password corresponding to "my_user_name". This is only required once because git stores the credentials to ".git_repo_credentials" and automatically uses the same data at subsequent accesses.
https://github...
with github...
in my last comment)
If security is not a concern for the git client, edit the url this way:
git remote set-url origin https://${access_token}@github.com/${someone}/${somerepo}.git
Same in the git clone
case:
git clone https://${access_token}@github.com/${someone}/${somerepo}.git
I personally do not favor git config
with global
domain, since that would be a mess in a multiple-accounts case.
The GitHub recommendations have now changed, and the best method is also the simplest. Details here
Install Github official cli. E.g. for mac: brew install gh. type gh auth login in your terminal, then follow the prompts.
To save your user name and user password into github account just run these command in sequence.
git config --global user.name "userName"
git config --global user.email "usernam@gmail.com"
git config --global user.password "userPassword"
git config --global credential.helper store
git config --list --show-origin
Then generate a key using below command:
ssh-keygen -t rsa -C "useremail@gmail.com"
Note: Copy the file location where id_rsa file gets created Then go to that file location -->open gitbash or command prompt --> Run a command - cat id_rsa.pub
SSH key will be dispayed, copy this SSH key and paste it in your gihub/gitlab account
For Windows users, this way will work:
Note: If you have enabled two-factor authentication for GitHub, disable it for a while
Step 1 Go to Control Panel → User Accounts → Credential Manager → Windows Credentials
Step 2 Go to the Generic Credentials section → Add a generic credential
Step 3 - Fill in the fields Internet or network address: git.https://github.com User name: your GitHub username Password: your GitHub username And now click on OK. This will save the password and the username of your GitHub account to your local machine
git config --global user.name "your username"
git config --global user.password "your password"
Check
git config --list
Success story sharing
--global
to only store the password for one repository (when pulling and pushing) but not for any other repository (which might be on a different hoster, with different credentials that one might not want to store for whatever reasons)~/.git-credentials
are no different than a private key like~/.ssh/id_rsa
. So if you don't have a password on your private key then~/git-credentials
is no worse than ssh keys