Git - How to use .netrc file on Windows to save user and password

Asked 17/5, 2011 at 13:8 Answered 7/12, 2023 at 20:44

186

Is it possible to use a .netrc file on Windows when I'm using Git to clone a remote repository with HTTP and user - password?

Reflex answered 17/5, 2011 at 13:8 Comment(0)

229

Is it possible to use a .netrc file on Windows?

Yes: You must:

define environment variable %HOME% (pre-Git 2.0, no longer needed with Git 2.0+)
put a _netrc file in %HOME%

If you are using Windows 7/10, in a CMD session, type:

setx HOME %USERPROFILE%

and the %HOME% will be set to 'C:\Users\"username"'.
Go that that folder (cd %HOME%) and make a file called '_netrc'

Note: Again, for Windows, you need a '_netrc' file, not a '.netrc' file.

Its content is quite standard (Replace the <examples> with your values):

machine <hostname1>
login <login1>
password <password1>
machine <hostname2>
login <login2>
password <password2>

Luke mentions in the comments:

Using the latest version of msysgit on Windows 7, I did not need to set the HOME environment variable. The _netrc file alone did the trick.

This is indeed what I mentioned in "Trying to “install” github, .ssh dir not there":
git-cmd.bat included in msysgit does set the %HOME% environment variable:

@if not exist "%HOME%" @set HOME=%HOMEDRIVE%%HOMEPATH%
@if not exist "%HOME%" @set HOME=%USERPROFILE%

爱国者 believes in the comments that "it seems that it won't work for http protocol"

However, I answered that netrc is used by curl, and works for HTTP protocol, as shown in this example (look for 'netrc' in the page): . Also used with HTTP protocol here: "_netrc/.netrc alternative to cURL".

A common trap with with netrc support on Windows is that git will bypass using it if an origin https url specifies a user name.

For example, if your .git/config file contains:

[remote "origin"]
     fetch = +refs/heads/*:refs/remotes/origin/*
     url = https://[email protected]/p/my-project/

Git will not resolve your credentials via _netrc, to fix this remove your username, like so:

[remote "origin"]
     fetch = +refs/heads/*:refs/remotes/origin/*
     url = https://code.google.com/p/my-project/

Alternative solution: With git version 1.7.9+ (January 2012): This answer from Mark Longair details the credential cache mechanism which also allows you to not store your password in plain text as shown below.

With Git 1.8.3 (April 2013):

You now can use an encrypted .netrc (with gpg).
On Windows: %HOME%/_netrc (_, not '.')

A new read-only credential helper (in contrib/) to interact with the .netrc/.authinfo files has been added.

That script would allow you to use gpg-encrypted netrc files, avoiding the issue of having your credentials stored in a plain text file.

Files with the .gpg extension will be decrypted by GPG before parsing.
Multiple -f arguments are OK. They are processed in order, and the first matching entry found is returned via the credential helper protocol.

When no -f option is given, .authinfo.gpg, .netrc.gpg, .authinfo, and .netrc files in your home directory are used in this order.

To enable this credential helper:

git config credential.helper '$shortname -f AUTHFILE1 -f AUTHFILE2'

(Note that Git will prepend "git-credential-" to the helper name and look for it in the path.)

# and if you want lots of debugging info:
git config credential.helper '$shortname -f AUTHFILE -d'

#or to see the files opened and data found:
git config credential.helper '$shortname -f AUTHFILE -v'

See a full example at "Is there a way to skip password typing when using https:// github"

With Git 2.18+ (June 2018), you now can customize the GPG program used to decrypt the encrypted .netrc file.

See commit 786ef50, commit f07eeed (12 May 2018) by Luis Marsano (``).
^{(Merged by Junio C Hamano -- gitster -- in commit 017b7c5, 30 May 2018)}

git-credential-netrc: accept gpg option

git-credential-netrc was hardcoded to decrypt with 'gpg' regardless of the gpg.program option.
This is a problem on distributions like Debian that call modern GnuPG something else, like 'gpg2'

Greyback answered 17/5, 2011 at 13:13 Comment(21)

@Luke: yes, the git-cmd.bat included in msysgit does set the %HOME% environment variable, as I mentioned last December: stackoverflow.com/questions/8514097/… – Greyback 23/1, 2012 at 21:39

@爱国者 netrc is used by curl, and works for http protocol, as shown in this example (look for 'netrc' in the page): maymay.net/blog/2008/08/08/… . Also used with http protocol here: stackoverflow.com/questions/5193643/… – Greyback 3/2, 2012 at 4:58

@Greyback I just added another trap both Marc and I hit to the bottom. – Knish 11/5, 2012 at 5:29

@SamSaffron What version of Git are you using? Just to make sure it isn't related to https://mcmap.net/q/13936/-remote-pushurl-won-39-t-work and github.com/git/git/blob/master/Documentation/RelNotes/… – Greyback 11/5, 2012 at 6:35

@Greyback I am on 1.7.6 ... but Marc is on 1.7.8, so it must be a different issue – Knish 11/5, 2012 at 6:41

In the _netrc file, the value for "machine" should be something like: "githubenterprise.mycompany.com" – Etiolate 28/6, 2012 at 21:57

@HawkeyeParker yes, it should be the fqn (fully qualified name) of your Git server. – Greyback 28/6, 2012 at 22:3

On my work machine the _netrc method would not work when placed into my profile C:\Users\Name.Domain. Moved to C:\Users\Name and it works. – Norite 12/6, 2013 at 6:27

Do you know how to solve this question?programmers.stackexchange.com/questions/209140/… – Pronominal 22/8, 2013 at 13:1

@Pronominal yes: use an encrypted _netrc file in your %HOME%, as described in this answer. By the way, your question is a Stack Overflow question, not a programmers.SE one. – Greyback 22/8, 2013 at 13:21

@Vonc I've tried that, seems failed,,,bad ,,,Should I restart computer? Let me check and do that again... – Pronominal 22/8, 2013 at 13:25

@Pronominal you can try and restart your computer, but if it still fails, ask a question on Stack Overflow with as many details as you can, and the exact error message. – Greyback 22/8, 2013 at 14:9

@Greyback Fine, today it's ok now, I'm not sure which method makes it works well, wish it'll good as always. If it doesn't work well, then I'll edit and add more details and ask you again, thanks. – Pronominal 23/8, 2013 at 6:31

This method does not work for me. Git always prompts for passphrase. Using windows 8, openssh, tortoise git and windows git. For machine am just using github.com. I set the HOME dir to my home, where the _netrc file is, no luck. – Tayler 14/7, 2014 at 18:23

@JohnLittle strange: it works fine for me (with msysgit, not tested with TortoiseGit). Note, openssh has nothing to do with this credential helper, which is only for https url, not ssh. – Greyback 14/7, 2014 at 18:27

Well, the _netrc didn't work for me on a Windows 7 PC, but the .netrc worked for youtube-dl with the --netrc argument passed to it. – Minnieminnnie 12/4, 2015 at 23:7

This is important content (I got here while researching something at work). Perhaps reverse the order so that the most important information comes first (information about newer versions of Git comes first)? And perhaps remove the historical information, "(Original answer)", "Update late 2012", etc. The dates should be the release dates for the Git versions, not when this post was updated. This answer could be divided into subsections, for each Git version range. – Encephalograph 28/8, 2018 at 19:20

@PeterMortensen I see... a bit more complex than "active reading", then ;) I'll get on it shortly. – Greyback 28/8, 2018 at 19:23

@PeterMortensen I have reorganized the answer as requested. Let me know how I can improve it further, if needed. – Greyback 29/8, 2018 at 6:11

@Greyback can you please help me? I am having WIndows Server 2019 and I am not able to set HOME environment variable. When I list vars with set I do not see that in the list only HOMEPATH, but if I open manually Edit environment variables I do see HOME env. What is the issue? I have defined _netrc file but it seems it does not work for that reason. echo %HOME% has as output %HOME% Thanks a lot! – Zipangu 12/6, 2022 at 12:40

@AndreyS If you see HOME defined in your user environment variables, but you don't see it when typing set HOME in your current CMD, you need to open a new CMD in order for said shell session to inherit the variables you have defined. – Greyback 12/6, 2022 at 14:32

You can also install Git Credential Manager to save Git passwords in Windows credentials manager instead of _netrc. This is a more secure way to store passwords.

Anchor answered 10/10, 2012 at 23:20 Comment(2)

Great answer, this is the only answer I've found that lets me keep the simplicity of username/password (securely) without having to deal with all that SSH crap. – Counterbalance 15/10, 2012 at 17:17

@KirkWoll see my update answer above: you now can store your credentials in an encrypted .netrc file. You won't have to enter those credential even once during the session. – Greyback 23/4, 2013 at 12:6

This will let Git authenticate on HTTPS using .netrc:

The file should be named _netrc and located in c:\Users\<username>.
You will need to set an environment variable called HOME=%USERPROFILE% (set system-wide environment variables using the System option in the control panel. Depending on the version of Windows, you may need to select "Advanced Options".).
The password stored in the _netrc file cannot contain spaces (quoting the password will not work).

Perspire answered 6/7, 2016 at 12:19 Comment(1)

Simplest and best solution. Worked like charm with Android Studio, Source Tree and Git command line. I had to use this when Google recommended Cloud SDK credential.helper option failed and had to manually generate credentials and use with net rc file. In my case I didn't require option 2 and 3. – Nunn 20/12, 2016 at 2:14

I am posting a way to use _netrc to download materials from the site www.course.com.

If someone is going to use the coursera-dl to download the open-class materials on www.coursera.com, and on the Windows OS someone wants to use a file like ".netrc" which is in like-Unix OS to add the option -n instead of -U <username> -P <password> for convenience. He/she can do it like this:

Check the home path on Windows OS: setx HOME %USERPROFILE%(refer to VonC's answer). It will save the HOME environment variable as C:\Users\"username".
Locate into the directory C:\Users\"username" and create a file name _netrc.NOTE: there is NOT any suffix. the content is like: machine coursera-dl login <user> password <pass>
Use a command like coursera-dl -n --path PATH <course name> to download the class materials. More coursera-dl options details for this page.

Creativity answered 9/9, 2016 at 8:5 Comment(0)

In my OS WINDOWS, I use the .netrc file without the underline (LIKE IN LINUX). And works without problem.

To create the archive I used notepad.

Inside the archive I put only the line:

machine <the_link_that_you_want> login <your_login> password <your_password>

like the example below:

machine www.gmail.com login maria password 123456

To save the file, I put in the name of the file : .netrc (otherwise, only the extension, without name at all) and in the type of file I mark: all files

I saved the archive in me personal directory (like C:/users/maria)

The directory must be the same directory that you have folders like: .vscode, .conda, .python ....

after that, the program start to authenticate in the site without problems.

Delirious answered 7/12, 2023 at 20:44 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

`git-credential-netrc`: accept `gpg` option

Recommended topics

Hot tags

git-credential-netrc: accept gpg option

Recommended topics

Hot tags

`git-credential-netrc`: accept `gpg` option