How to install and store credentials on Linux with Git Credential Manager and pass?

About

This article shows you how you can store git credential (username and password) on Linux with:

You can then use git

  • without being asked for credentials
  • in a script mode

Steps

Install Gcm on Linux

Download the latest tar file from the release 1)

wget https://github.com/git-ecosystem/git-credential-manager/releases/download/v2.0.935/gcm-linux_amd64.2.0.935.tar.gz
tar -xvf <path-to-tarball> -C /usr/local/bin
Atlassian.Bitbucket.UI
git-credential-manager
git-credential-manager-ui
GitHub.UI
GitLab.UI
libHarfBuzzSharp.so
libSkiaSharp.so
NOTICE

Configure it as credential manager

git-credential-manager configure
Configuring component 'Git Credential Manager'...
Configuring component 'Azure Repos provider'...

Or you can just execute:

git config --global credential.helper /usr/local/bin/git-credential-manager

Create the secret store

On Linux, the only disk encrypted option is to use a gpg/pass store

Create the gpg key

gpg --gen-key
  • It will prompt you to create a user id
GnuPG needs to construct a user ID to identify your key.

Real name: aname
Email address: [email protected]
Comment:
You selected this USER-ID:
    "aname <[email protected]>"

  • When you got to this message: connect to another session and enter a find / | xargs file to create entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

  • When it's finished
gpg: /home/www-user/.gnupg/trustdb.gpg: trustdb created
gpg: key 2D3CF104 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2028-05-02
pub   2048R/2D3CF104 2023-05-04 [expires: 2028-05-02]
      Key fingerprint = 126C 2E32 7C6E 8C8F 7C55  8714 0F83 C936 2D3C F104
uid                  gitcs <[email protected]>
sub   2048R/5A9C14E1 2023-05-04 [expires: 2028-05-02]

Init the pass store

With pass:

pass init 'aname <[email protected]>'

Set the credential store to gpg

git config --global credential.credentialStore gpg

Set the password for the repository

Create a file (with a empty line at the end)

url=https://example.com/user/repo
username=yourUsername
password=yourToken

And store it in the config manager with git-credential:

cat git-credential.ini | git credential fill

Git outputs the following response:

protocol=https
host=example.com
path=user/repo
username=yourUsername
password=yourToken

Set a username credential for a repository

Add this config:

# create the git user directory to avoid `could not lock config file .git/config: No such file or directory`
mkdir ~/.git
# execute
URL=https://example.com/username/repo
git config credential.$URL.username yourusername





Discover More
Git - Credential

Git makes use of a credential helper (an external utility) to be able to retrieve the credentials) The id of a credential (user, ww) is a URL (Credential context) It will lookup a credential with the...



Share this page:
Follow us:
Task Runner