code:version:git:credential-linux-gcm

About

This article shows you how you can store git credential (username and password) on Linux with:

the Git Credential Manager
and the gpg/pass credentials store

You can then use git

without being asked for credentials
in a script mode

Steps

Install Gcm on Linux

Download the latest tar file from the release ¹⁾

wget https://github.com/git-ecosystem/git-credential-manager/releases/download/v2.0.935/gcm-linux_amd64.2.0.935.tar.gz
tar -xvf <path-to-tarball> -C /usr/local/bin

Atlassian.Bitbucket.UI
git-credential-manager
git-credential-manager-ui
GitHub.UI
GitLab.UI
libHarfBuzzSharp.so
libSkiaSharp.so
NOTICE

Configure it as credential manager

git-credential-manager configure

Configuring component 'Git Credential Manager'...
Configuring component 'Azure Repos provider'...

Or you can just execute:

git config --global credential.helper /usr/local/bin/git-credential-manager

Create the secret store

On Linux, the only disk encrypted option is to use a gpg/pass store

Create the gpg key

gpg --gen-key

It will prompt you to create a user id

GnuPG needs to construct a user ID to identify your key.

Real name: aname
Email address: [email protected]
Comment:
You selected this USER-ID:
    "aname <[email protected]>"

When you got to this message: connect to another session and enter a find / | xargs file to create entropy.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

When it's finished

gpg: /home/www-user/.gnupg/trustdb.gpg: trustdb created
gpg: key 2D3CF104 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2028-05-02
pub   2048R/2D3CF104 2023-05-04 [expires: 2028-05-02]
      Key fingerprint = 126C 2E32 7C6E 8C8F 7C55  8714 0F83 C936 2D3C F104
uid                  gitcs <[email protected]>
sub   2048R/5A9C14E1 2023-05-04 [expires: 2028-05-02]

Init the pass store

With pass:

pass init 'aname <[email protected]>'

Set the credential store to gpg

git config --global credential.credentialStore gpg

Set the password for the repository

Create a file (with a empty line at the end)

url=https://example.com/user/repo
username=yourUsername
password=yourToken

And store it in the config manager with git-credential:

cat git-credential.ini | git credential fill

Git outputs the following response:

protocol=https
host=example.com
path=user/repo
username=yourUsername
password=yourToken

Set a username credential for a repository

Add this config:

# create the git user directory to avoid `could not lock config file .git/config: No such file or directory`
mkdir ~/.git
# execute
URL=https://example.com/username/repo
git config credential.$URL.username yourusername

¹⁾

Tarball installation reference

Table of Contents