About
This article shows you how you can store git credential (username and password) on Linux with:
- and the gpg/pass credentials store
You can then use git
- without being asked for credentials
- in a script mode
Steps
Install Gcm on Linux
Download the latest tar file from the release 1)
wget https://github.com/git-ecosystem/git-credential-manager/releases/download/v2.0.935/gcm-linux_amd64.2.0.935.tar.gz
tar -xvf <path-to-tarball> -C /usr/local/bin
Atlassian.Bitbucket.UI
git-credential-manager
git-credential-manager-ui
GitHub.UI
GitLab.UI
libHarfBuzzSharp.so
libSkiaSharp.so
NOTICE
Configure it as credential manager
git-credential-manager configure
Configuring component 'Git Credential Manager'...
Configuring component 'Azure Repos provider'...
Or you can just execute:
git config --global credential.helper /usr/local/bin/git-credential-manager
Create the secret store
On Linux, the only disk encrypted option is to use a gpg/pass store
Create the gpg key
gpg --gen-key
- It will prompt you to create a user id
GnuPG needs to construct a user ID to identify your key.
Real name: aname
Email address: [email protected]
Comment:
You selected this USER-ID:
"aname <[email protected]>"
- When you got to this message: connect to another session and enter a find / | xargs file to create entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
- When it's finished
gpg: /home/www-user/.gnupg/trustdb.gpg: trustdb created
gpg: key 2D3CF104 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2028-05-02
pub 2048R/2D3CF104 2023-05-04 [expires: 2028-05-02]
Key fingerprint = 126C 2E32 7C6E 8C8F 7C55 8714 0F83 C936 2D3C F104
uid gitcs <[email protected]>
sub 2048R/5A9C14E1 2023-05-04 [expires: 2028-05-02]
Init the pass store
With pass:
pass init 'aname <[email protected]>'
Set the credential store to gpg
git config --global credential.credentialStore gpg
Set the password for the repository
Create a file (with a empty line at the end)
url=https://example.com/user/repo
username=yourUsername
password=yourToken
And store it in the config manager with git-credential:
cat git-credential.ini | git credential fill
Git outputs the following response:
protocol=https
host=example.com
path=user/repo
username=yourUsername
password=yourToken
Set a username credential for a repository
Add this config:
# create the git user directory to avoid `could not lock config file .git/config: No such file or directory`
mkdir ~/.git
# execute
URL=https://example.com/username/repo
git config credential.$URL.username yourusername