How can I save username and password in Git?

Asked 11/3, 2016 at 14:29 Answered 16/1, 2024 at 0:13

Solved git credentials git-config git-extensions

2665

I want to use a push and pull automatically in Git Extensions, Sourcetree or any other Git GUI without entering my username and password in a prompt, every time.

So how can I save my credentials in Git?

Evangel answered 11/3, 2016 at 14:29 Comment(5)

You can also authenticate via SSH: stackoverflow.com/questions/6565357/… – Dulci 12/11, 2019 at 0:12

Also see Is there a way to cache GitHub credentials for pushing commits? and Configuring user and password with Git Bash. – Sleave 12/11, 2019 at 20:49

As far as GitHub, the current policy (as of Aug 2021) is that you can NO LONGER have username/passwords. Instead, you MUST use SSH or "Personal Access tokens": Dealing With GitHub Password Authentication Deprecation – Interdiction 14/9, 2021 at 3:38

@Interdiction A secure user-friendly alternative to SSH or personal access tokens is OAuth via Git Credential Manager, see my answer https://mcmap.net/q/20179/-how-can-i-save-username-and-password-in-git – Globule 27/2, 2022 at 16:35

See also this 2022 Git mailing list thread. – Borisborja 9/11, 2022 at 19:1

4311

Attention: This method saves the credentials in plaintext on your PC's disk. Everyone on your computer can access it, e.g. malicious NPM modules.

Run

git config --global credential.helper store

then

git pull

provide a username and password and those details will then be remembered later. The credentials are stored in a file on the disk, with the disk permissions of "just user readable/writable" but still in plaintext.

If you want to change the password later

git pull

Will fail, because the password is incorrect, git then removes the offending user+password from the ~/.git-credentials file, so now re-run

git pull

to provide a new password so it works as earlier.

Briolette answered 11/3, 2016 at 14:36 Comment(24)

for Debian/Ubuntu use libsecret stackoverflow.com/questions/36585496/… – Fiedling 2/10, 2017 at 14:29

Note that this will store your username and password in a plain text file at ~/.git-credentials. Anyone can open it and read it. – Sontag 24/9, 2018 at 4:13

It only works for one repository, the repo you are currently in. If I want to work with another repo, I need to do that again – Unorganized 20/1, 2019 at 11:42

@ShamsulArefinSajib Use git config --global ... – Carburetor 22/1, 2019 at 0:52

store is unsafe, and if my machine gets stolen? I would be doomed..., should be cache – Tournedos 23/1, 2019 at 4:21

and use this if you want to forget : git config --global credential.helper forget – Pedropedrotti 23/10, 2019 at 10:22

I think it's worth pointing out that one may want to skip the --global to only store the password for one repository (when pulling and pushing) but not for any other repository (which might be on a different hoster, with different credentials that one might not want to store for whatever reasons) – Dimphia 26/11, 2019 at 10:4

@Sontag If you are on Linux, the file is protected and can only be read by you. So yes, there is a file, but no, noone except for you can read it. (I don't know about Windows, though.) – Bertiebertila 7/1, 2020 at 20:37

how can I use this for gitlab @Briolette – Digger 28/2, 2020 at 7:23

I work with 2 different repositories(office + personal) with different usernames/passwords. Can I save 2 usernames/passwords with different repositories? If yes then how? – Infecund 8/3, 2020 at 18:21

Note that you can create an oauth-token and use that instead of your GitHub password. This slightly improves security, since anyone with the token can still access your repos, but cannot access your GitHub account (through a browser). – Jeffreyjeffreys 20/5, 2020 at 12:50

If using Gitlab or Github, you can create an access token in your account settings, and provide this token instead of your password. The token will be saved in the ~/.git-credentials file instead of your password and can be easily revoked from your account settings. – Leitmotif 17/2, 2021 at 9:22

@RoboAlex's comment is popular but the protections on ~/.git-credentials are no different than a private key like ~/.ssh/id_rsa. So if you don't have a password on your private key then ~/git-credentials is no worse than ssh keys – Umbrageous 19/3, 2021 at 13:5

stack answer shows a stellar way to easily encrypt the token/password in 3 simple steps. – Garceau 2/5, 2021 at 20:5

It's stored in memory, not on disk: git-scm.com/docs/git-credential-cache @Sontag take notice pls. – Thud 20/6, 2021 at 10:54

why does git not just encrypt the storage file? – Alysiaalyson 8/7, 2021 at 4:21

what about Ubuntu WSL on Windows? Is this also plain-text readable due to Windows at the base? – Mantoman 6/5, 2022 at 16:51

@AquariusPower if your machine gets stolen, you login to GH from a different location and delete the key and generate a new one. Then the thief only can learn your username, which is public information already. (Assuming the thief can login to the machine) – Africander 10/7, 2022 at 16:2

@REMCodes and if I learn about the theft only after I come back from a travel? cache is overall better – Tournedos 11/7, 2022 at 20:46

@PradeepSingh If you want to switch to another account, you may need to check this thread: https://mcmap.net/q/20393/-how-do-i-push-to-github-under-a-different-username, which essentially disables the credential store. After all, just manipulate the .gitconfig file to your purpose. – Quiteris 5/9, 2022 at 5:57

it is possible to revoke remember u.name and pwd? – Tourneur 18/1, 2023 at 21:20

it is possible save only for specific repo? – Tourneur 18/1, 2023 at 21:22

I was loosing my mind why the hell on the new installation of Manjaro git cannot remember my creds) – Immoral 3/1, 2024 at 11:27

didn't work.... What If I want to reenter my credentials a year later if they've expired? Credentials from devops? – Chandrachandragupta 17/3, 2024 at 21:53

662

You can use the git config to enable credentials storage in Git.

git config --global credential.helper store

When running this command, the first time you pull or push from the remote repository, you'll get asked about the username and password.

Afterwards, for consequent communications with the remote repository you don't have to provide the username and password.

The storage format is a .git-credentials file, stored in plaintext.

Also, you can use other helpers for the git config credential.helper, namely memory cache:

git config credential.helper 'cache --timeout=<timeout>'

which takes an optional timeout parameter, determining for how long the credentials will be kept in memory. Using the helper, the credentials will never touch the disk and will be erased after the specified timeout. The default value is 900 seconds (15 minutes).

Warning: If you use this method, your Git account passwords will be saved in plaintext format, in the global .gitconfig file, e.g in Linux it will be /home/[username]/.gitconfig.

If this is undesirable to you, use an ssh key for your accounts instead.

Grummet answered 11/3, 2016 at 15:22 Comment(12)

Wish you showed the .gitconfig file - the first command has been overwritten by the second :( – Uball 8/3, 2017 at 13:24

For git config credential.helper cache the passwords will not be saved to a file, only stored in memory. See: git-scm.com/docs/git-credential-cache – Ruelle 20/7, 2019 at 6:11

Does not work. Gives fatal: Authentication failed. Doesnt even ask for password. – An 1/10, 2019 at 18:41

Just as an addendum - your private ssh-key will also be stored in plaintext in a user-accessible location, so in essence the same attack surface in both cases. – Colvin 7/1, 2020 at 11:48

how can I use this for gitlab – Digger 28/2, 2020 at 7:22

there's no difference for gitlab configs. you can use these commands for github, gitlab, bitbucket,... – Grummet 28/2, 2020 at 16:52

but setting up ssh is difficult for a first timer like me – Puffball 2/4, 2020 at 19:40

That doesnt add the time out, see @Andreas Bigger comment below: git config --global credential.helper 'cache --timeout=3600' – Attah 30/4, 2020 at 13:17

Does not work for me.. Now I get the error: git: 'credential-cache' is not a git command. See 'git --help'. fatal: Authentication failed for [url] – Abeyant 1/5, 2020 at 14:14

I have to store username and passwords twice, in the above named .gitconfig and in git-credentials, so someone nasty can be sure she/he HAS the right github key;) when checking both. – Fremont 13/11, 2020 at 11:41

Unless you put a password on your private ssh key, it is also stored in plain text, no more securely than ~/.git-credentials, by default in ~/.ssh/id_rsa. So the advice to use an ssh key as more secure, would need to specify a password-protected private key. In which case you'd have to type that password each time, defeating the original purpose, unless you cache it with ssh-agent – Umbrageous 19/3, 2021 at 13:12

I had to use this method with the UNSECURE option on a target machine. The secure option was not working due to some limitations. Check this for reference: github.com/microsoft/vcpkg/discussions/… – Sherburn 13/6, 2022 at 17:45

481

Recommended and secure method: SSH

Generate a key following these steps: more details

$ssh-keygen -t rsa -b 4096 -C "[email protected]"

set a passphrase that protects the key and store it locally

Copy the contents of the id_rsa.pub file to your clipboard for next step

$ clip < ~/.ssh/id_rsa.pub

Go to github.com → Settings → SSH and GPG keys → New SSH Key. Paste they key and save it

If the private key is saved as id_rsa in the ~/.ssh/ directory, we add it for authentication as such:

ssh-add -K ~/.ssh/id_rsa

A more secure method: Caching

We can use git-credential-cache to cache our username and password for a time period. Simply enter the following in your CLI (terminal or command prompt):

git config --global credential.helper cache

You can also set the timeout period (in seconds) as such:

git config --global credential.helper 'cache --timeout=3600'

Parkerparkhurst answered 13/7, 2018 at 14:34 Comment(19)

This did not work for me, git clone still asks for the username and password – Nary 20/12, 2018 at 5:9

i do not recommend storing your password like this because "git config --global -l" would reveal your password on the console – Jiles 26/12, 2018 at 8:2

This is not working for me. It is strange that it should work for anyone, since in gitconfig's specification there is no room for "password" – Ledford 28/11, 2019 at 18:12

.gitconfig is the different file: .git-credentials located in your home folder contains URL to repo with your username and password in URL, just like git://username:password@server/git/repo Be careful, IT IS SAVED PLAIN TEXT PASSWORD. Use "git config --global credential.helper cache" if you cannot use ssh keys. – Staggard 13/4, 2020 at 7:11

When I tried to add user and password mannually the config file broke and I had to clone the repo again. Do not try this.. – Abeyant 1/5, 2020 at 14:11

@LTV, this is a fairly well documented process. Day in and out, people update git username manually (not password please); the issue may well be on your end. – Sosthina 29/7, 2020 at 17:56

The ssh method is preferred, particularly if you create a pass-phrase. I find Git's instructions helpful: docs.github.com/en/github/authenticating-to-github/… – Betteanne 19/8, 2020 at 14:39

This answer needs a lot of elaboration on the first part "Recommended and Secure Method: SSH". A random user online needs to know the commands to execute to create an SSH key. – Allaround 6/10, 2020 at 18:13

Quick and insecure works, you can also change the gitconfig manually. – Fremont 16/11, 2020 at 11:0

If you use the SSH method, you'll need to start using SSH URLs instead of git URLs - stackoverflow.com/questions/14762034/… – Tripterous 24/2, 2021 at 3:32

"An even less secure method". Have to disagree. Does anyone here realise your passwordless private ssh key (the whole point of the question is to avoid typing your password) is stored in plain text (by default in ~/.ssh/id_rsa, no more securely than ~/.git-credentials ? Also the credential.helper store method does not put the password / token in .gitconfig Also due to quirks of sites like GitHub you get more fine-grained control over permissions on a Personal Access Token than an SSH public key. So for that specific case I'd say PAT with credential helper is "more secure" – Umbrageous 19/3, 2021 at 13:21

If you don't have a PIN for authenticator use ssh-add ~/.ssh/id_rsa instead. (Omit -K) – Pelag 20/5, 2021 at 10:36

I faced issues in creating gpg keys, on ubuntu20.04. So I chose insecure method to save all things plaintext. – Facility 8/7, 2021 at 14:37

@Jiles GitHub Personal access tokens are not revealed by git config --global -l. The credential cache appears to be working just fine. I set my timeout for 3 days. – Blaeberry 31/10, 2021 at 0:31

@JasonS When you generate your private ssh key, you should secure it with a passphrase. Then it is more secure than the methods that store a credential in plaintext. See: security.stackexchange.com/questions/183636/… – Thordis 11/2, 2022 at 20:57

@Thordis The original question is how to use a Git GUI tool without entering a password for operations to the remote repository. If you secure your key with a passphrase and don't use ssh-agent you'll be prompted for the password each time the key is used. If you use ssh-add (as in this answer) which adds the key to ssh-agent it will ask for the key password (if any), so not exactly passwordless. My previous comment was merely to point out that passwordless ssh private key is also free text on disk, so no more secure than ~/.git-credentials – Umbrageous 13/2, 2022 at 1:29

Note (also to myself in the future): 9 h are 32400 s. It might make sense to want to enter credentials once per working day. – Bucket 29/12, 2022 at 10:22

@JasonS Passwordless SSH keys are stupid, and you get a warning when you create them. ssh-agent also became much easier to use in the last few years, and are integrated into Windows and many Linux distros too. GitHub tokens are harder to use, and not more secure than SSH. – Waxman 15/1, 2024 at 17:38

@EricDuminil My first comment was in response to part of the answer which is now removed (look in the answer history version 7), which said using Git credential store was less secure than passwordless ssh key, which I said it wasn't. I went a bit far saying PAT was "more secure" but that was mainly coz it gives you more fine-grained access control in GitHub than SSH keys, but that is a GitHub implementation choice, not due to any weakness of SSH keys. If the private key is properly protected (generated in place on machine, correct acls, encrypted disk) I've not a big problem with passwordless – Umbrageous 16/1, 2024 at 12:53

186

Turn on the credential helper so that Git will save your password in memory for some time:

In Terminal, enter the following:

# Set Git to use the credential memory cache
git config --global credential.helper cache

By default, Git will cache your password for 15 minutes.

To change the default password cache timeout, enter the following:

# Set the cache to timeout after 1 hour (setting is in seconds)
git config --global credential.helper 'cache --timeout=3600'

From GitHub Help.

Dolphin answered 26/7, 2017 at 12:38 Comment(12)

you're the only one who suggested the global version which is IMPORTANT, cause it got ruined for me every time I re-cloned the repo – Cockade 24/1, 2018 at 21:56

How to set the timeout to infinity? I never want to enter my password again. – Crow 4/4, 2018 at 19:33

@Crow just replace the cache part with store. So, the full command will be: git config --global credential.helper store. Note that this will store Your password in a open-text file (without any encryption, so to say). – Triviality 20/4, 2018 at 6:40

@Casper That doesn't work with more than one account, the password isn't fetched from the store based on the e-mail like it should, instead the first one in the list is taken. – Crow 21/4, 2018 at 9:53

@Crow hm.. is that supposed to be like that or it might be a bug? What is the maximum value for the --timeout parameter? – Triviality 21/4, 2018 at 12:50

If you do this approach on Windows you will need to install the latest windows credential manager github.com/Microsoft/Git-Credential-Manager-for-Windows/… or else you will get fatal HttpRequestExceptions – Yawn 30/5, 2019 at 15:31

After doing that, when I use git, I get the message "git: 'credential-cache' is not a git command. See 'git --help'." – Known 17/9, 2019 at 2:51

@user1738579 Do you use GIT on Windows? Maybe this will help you: stackoverflow.com/questions/11693074/… – Dolphin 17/9, 2019 at 11:12

Of interest: commit f13c3f28 from git 2.39 (Q4 2022). – Borisborja 24/11, 2022 at 20:18

Note (also to myself in the future): 9 h are 32400 s. It might make sense to want to enter credentials once per working day. – Bucket 29/12, 2022 at 10:22

Can we change the cache timeout to infinity and beyond? – Tombouctou 6/5, 2023 at 6:37

@Tombouctou Technically, you can set the cache timeout to a very large value, which would effectively make it infinite for practical purposes. It is also important to remember that any reboot will of course clear the cache. However, it's not recommended to set the cache timeout to an extremely large or infinite value, as this could potentially compromise the security of your Git repository. – Dolphin 8/5, 2023 at 9:1

125

You can edit the ~/.gitconfig file to store your credentials:

nano ~/.gitconfig

Which should already have

[user]
        email = [email protected]
        user = gitUSER

You should add the following at the bottom of this file.

[credential]
        helper = store

The reason I recommend this option is because it is global and if at any point you need to remove the option you know where to go and change it.

Only use this option in you personal computer.

Then when you pull | clone| enter you Git password, in general, the password will be saved in ~/.git-credentials in the format

https://gituser:[email protected]

Where DOMAIN.XXX could be github.com, bitbucket.org, or others

See the documentation.

Restart your terminal.

Neology answered 5/6, 2018 at 12:47 Comment(4)

Don't forget to restart git bash window. Only when I did that, it worked for me. – Forsooth 15/1, 2019 at 22:33

The other alternative not recommended would be to leave the [credential] and the git-credentials and store the password direct in the .gitconfig. Either manually or with git config .. – Fremont 16/11, 2020 at 10:59

Restarting means exec bash – Fremont 16/11, 2020 at 12:4

Honest question, why is sudo needed for a user-specific file? – Inch 9/9, 2021 at 17:45

107

After going over dozens of Stack Overflow posts, blogs, etc., I tried out every method, and this is what I came up with. It covers everything.

The vanilla DevOps Git credentials & private packages cheat sheet

These are all the ways and tools by which you can securely authenticate Git to clone a repository without an interactive password prompt.

SSH public keys
- SSH_ASKPASS
API access tokens
- GIT_ASKPASS
- .gitconfig insteadOf
- .gitconfig [credential]
- .git-credentials
- .netrc
Private packages (for free)
Node.js / npm package.json
Python / pip / eggs requirements.txt
Ruby gems Gemfile
Go go.mod

The Silver Bullet

Want Just Works™? This is the magic silver bullet.

Get your access token (see the section in the cheat sheet if you need the GitHub or Gitea instructions for that) and set it in an environment variable (both for local development and deployment):

MY_GIT_TOKEN=xxxxxxxxxxxxxxxx

For GitHub, copy and run these lines verbatim:

git config --global url."https://api:[email protected]/".insteadOf "https://github.com/"
git config --global url."https://ssh:[email protected]/".insteadOf "ssh://[email protected]/"
git config --global url."https://git:[email protected]/".insteadOf "[email protected]:"

Congratulations. Now any automated tool cloning Git repositories won't be obstructed by a password prompt, whether using HTTPS or either style of an SSH URL.

Not using GitHub?

For other platforms (Gitea, GitHub, and Bitbucket), just change the URL. Don't change the usernames (although arbitrary, they're needed for distinct configuration entries).

Compatibility

This works locally in macOS, Linux, Windows (in Bash), Docker, CircleCI, Heroku, Akkeris, etc.

More information

See the ".gitconfig insteadOf" section of the cheat sheet.

Security

See the "Security" section of the cheat sheet.

Depress answered 27/7, 2019 at 3:59 Comment(16)

What I was after was git config --global credential."https://somegithost.com".username MyUserName, which is in your cheatsheet, but not anywhere else in this answer thread. That particular solution doesn't answer the OP's question, but it answered mine, so thanks! – Danaus 14/2, 2020 at 4:14

Finally: documentation on non-interactive global usage of an API access token for pipelines without Jenkins credentials helpers or Vault. – Aggravate 10/12, 2020 at 16:12

Not only does this not work, but now I can't commit to Git at all :-( – Sayers 20/9, 2021 at 8:49

@Sayers It works. However, you may not have a correct access token, or may have used the wrong kind of quote or shell (if you're on Windows, for example). You can edit ~/.gitconfig or .git/config and remove the configuration. – Depress 20/9, 2021 at 9:43

@Depress I managed to reverse it by editing gitconfig, but I can assure you it doesn't work. I'm on linux so not a shell issue and I definitely have the correct access token. – Sayers 22/9, 2021 at 8:47

What if I have some git remotes on github and others on my own gitlab server? How can I configure git to use the access token only for github and not for all oter git repositories? – Disfranchise 1/1, 2022 at 23:46

@MaxN It's the same. You just have one set of config options per service - so rather than only 3 for github, you'd also have 3 for gitea and 3 for gitlab, and 3 for bitbucket, etc. – Depress 2/1, 2022 at 4:10

OMG, it just works! I've been chasing this issue for 6 hours and then I see this post... In my case I'm configuring an automated installation of Python libraries directly from GitHub in an AWS Lambda Docker image. -- Thanks @coolaj86, you're a life saver. – Paleogeography 25/1, 2022 at 1:38

Isn't when I enter MY_GIT_TOKEN=xxxxxxxxxxxxxxxx writing the access token in plain text to the .bash_history file? Or did I get something wrong? – Bucket 29/12, 2022 at 10:36

@Bucket enter spaces before the command and most shells will know to not save that in the history. However, on a local computer it won't matter because all desktop OSes turn on at-rest encryption by default, which is doubly enforced by the software installed by your company's IT subcontractor - that annoying "jamf" stuff. A lot of the old rules about security from the 90s - back when raptors roamed the Unix system control rooms have been superseded by / interrelated into modern hardware and software - plus it's all in the cloud anyway, you can't really secure anything yourself these days. – Depress 29/12, 2022 at 14:38

This (like many other answers) is a hack to 'get around' git security, storing the API key as clear text. Better to 'work with' the credential helper. – Intravenous 10/4, 2023 at 18:21

@DominicCerisano False! This is not a hack to 'get around' git security. You're basing assumptions on old security models that don't exist on modern computers or modern cloud environments. Yes, if you have a vualt, use it. However, there are many different models as referenced in the linked article and they apply in different scenarios. This is perfectly valid for a wide range of uses cases, especially those mentioned, and caveats are mentioned in the article. – Depress 11/4, 2023 at 5:4

@Depress Wrong, and your assumptions are ageist. Git has a modern security model that works perfectly with modern devices and services. The git credential helper is for avoiding hacky old solutions such as storing tokens as clear text. Also I don't know what a vualt (sic) is, probably something wrong there as well. – Intravenous 26/4, 2023 at 15:57

Followed these instructions verbatim, and got The requested URL returned error: 403. I'm guessing these instructions might be a little out of date? – Equidistance 28/8, 2023 at 23:8

@Equidistance I don't think anything about git auth has changed. 403 is forbidden, not 401 unauthorized, so it may be that the token is valid, but doesn't have access to the repo. Depending on what service you're using it's possible that additional account or token config is necessary. – Depress 30/8, 2023 at 0:37

@Depress pretty sure the token had access to the repo, so it's more likely that it's no longer valid. – Equidistance 30/8, 2023 at 16:40

I think it's safer to cache credentials, instead of storing it forever:

git config --global credential.helper 'cache --timeout=10800'

Now you can enter your username and password (git pull or ...), and keep using Git for the next three hours.

It is nice and safe.

The unit for timeout is seconds (three hours in this example).

Thermophone answered 15/1, 2020 at 6:14 Comment(0)

For global settings, open the terminal (from anywhere), run the following:

  git config --global user.name "your username"
  git config --global user.password "your password"

By that, any local Git repository that you have on your machine will use that information.

You can individually configure for each repository by doing:

open the terminal at the repository folder.

run the following:

  git config user.name "your username"
  git config user.password "your password"

It affects only that folder (because your configuration is local).

Regimen answered 4/3, 2019 at 8:13 Comment(6)

Isn't it dangerous having such credentials in a simple config file viewable by anyone? – Hooknose 5/5, 2019 at 15:28

your question should be for another topic. Here we discus about how to config name and password for git global and locally. – Regimen 6/5, 2019 at 7:30

I'd just like to add that asking about possible security issues of an answer has a place here as it directly influences its quality and potentially thousands of users implementing it. – Unkempt 11/5, 2019 at 16:51

doesn't work for me , added --local tag but again nothing happens – Miscreant 4/12, 2019 at 11:58

I think @Hooknose question is a fair one. No-one really answered though. git config --global is still only accessible to the user, at ~/.gitconfig, so in that sense it is probably no worse than a private ssh key (with no password protection) in your home directory, or things like ~/.aws/config for aws cli. If you used --system for git config it would be available to all users on your computer, so better not do that, and no need to, although it would still be limited to the other users on your computer. – Umbrageous 18/3, 2021 at 0:21

Uh... user.name is used for the author's full name in writing commit messages. This should have nothing to do with the user name for authentication to a remote server. And one should never store a password in a configuration file like that (that's what git-config does). – Wadesworth 19/9, 2023 at 8:38

Just put your credentials in the URL like this:

https://Username`**:**`Password`**@**`github.com/myRepoDir/myRepo.git`

You may store it like this:

git remote add myrepo https://Userna...

...example to use it:

git push myrepo master`

Now that is to List the URL aliases:

git remote -v

...and that the command to delete one of them:

git remote rm myrepo

Reedy answered 4/7, 2018 at 0:19 Comment(5)

You can also leave your password out of the URL so Git will ask for your password, but not your username. – Omission 19/7, 2018 at 0:2

It's much easy and secure to use SSH instead of HTTP. So, you could keep your Git password secret and only use your SSH-Key. Information about SSH on Git: help.github.com/en/enterprise/2.16/user/… [email protected]:Username/myRepo.git – Arbor 6/1, 2020 at 14:32

Having your password in the url will save it to your terminal's history so this way isn't very secure. – Fransen 19/2, 2020 at 22:3

Note that a Wiki can currently only be cloned through https, not ssh, so a solution like this can be useful there. Note also that you can use an oauth-token, which is marginally more secure that your GitHub password. – Jeffreyjeffreys 20/5, 2020 at 15:22

Worked with windows credential manager, was prompted by windows for the password! – Integrated 7/2, 2022 at 14:47

You can use git-credential-store to store your passwords unencrypted on the disk, protected only by the permissions of the file system.

Example

git config credential.helper store
git push http://example.com/repo.git

Username: <type your username>
Password: <type your password>

[Several days later]

git push http://example.com/repo.git

[Your credentials are used automatically]

You can check the credentials stored in the file ~/.git-credentials.

For more information, visit git-credential-store - Helper to store credentials on disk.

Gapeworm answered 25/7, 2018 at 17:27 Comment(0)

Store username and password in .git-credentials

.git-credentials is where your username and password (access token) is stored when you run git config --global credential.helper store, which is what other answers suggest, and then type in your username and password or access token:

https://${username}:${password_or_access_token}@github.com

So, in order to save the username and password (access token):

git config --global credential.helper store
echo "https://${username}:${password_or_access_token}@github.com" > ~/.git-credentials

Replace ${username} with your username, ${password_or_access_token} with your password (not recommended) or your access token.

NOTE that you must provide access token if you enabled 2FA on GitHub.

Using access token is recommended.

This is very useful for a GitHub robot, e.g. to solve Chain automated builds in the same Docker Hub repository by having rules for different branch and then trigger it by pushing to it in the post_push hook in Docker Hub.

An example of this can be seen here on Stack Overflow.

Mummy answered 16/8, 2019 at 23:44 Comment(12)

Thanks, you're a life savior! We can also set https://${access_token}:${access_token}@github.com – Accord 14/11, 2019 at 15:9

@LucasMendesMotaDaFonseca access token can be used as username??? – Mummy 24/11, 2019 at 3:48

@PeterMortensen It's definitely not and now it is replaced with 'hook'. – Mummy 14/9, 2021 at 3:34

is working also with bitBucket? – Varien 17/9, 2021 at 14:33

@Varien I think this should work with any sites. However, bitbucket requires users with 2FA (which I enabled) to clone with ssh key, so I can’t test it. – Mummy 18/9, 2021 at 6:34

From all the different solutions, this is the one that worked for me. thank you! – Kraft 22/2, 2023 at 22:0

@MichaelN Hmmm so it doesn't work with https:// prefix on your system? Which git and os are you using? – Mummy 11/4, 2023 at 4:4

@JiaHaoXu On macOS… echo “username:[email protected]“ > ~/.git-credentials worked for me, where you replace username with your username and password with your password or access token. The $ syntax doesn’t work in Unix. Add https:// Stack is removing it. – Missive 12/4, 2023 at 5:5

Thanks, I didn't know that it doesn't need https:// prefix, the ${username} in my answer means that you should replace that with your username, which is taken from bash variable expansion. – Mummy 17/4, 2023 at 10:46

@MichaelN I've clarified the instruction and now it should be clear on how to save the password and username. – Mummy 17/4, 2023 at 10:48

Be sure to remove the " in the .git-credentials file in case your command saves them inside – Wiggly 26/4, 2023 at 8:8

@Wiggly Thanks for pointing it out, I just realize that the character I typed in is not the " but rather another character similar to it, I've updated my answer and fixed it. – Mummy 26/4, 2023 at 12:39

Apart from editing the ~/.gitconfig file, that you can do if you call from the command line:

git config --local --edit

git config --global --edit

Editing git config file in default text editor

You can also use the command line to edit the git config file directly (without the editor)

git config --local user.name 'your username'
git config --local user.password 'your password'

git config --global user.name 'your username'
git config --global user.password 'your password'

Note to always use single quotes. Your username and password may use some characters that would break your password if you use double quotes.

--local or --global means configuration parameters are saved for the project or for the OS user.

Hoke answered 16/4, 2019 at 21:58 Comment(6)

Check also this one that explains even more. – Hoke 5/7, 2019 at 8:14

Are you sure single quotes will work on Windows, other than inside WSL? – Slinkman 2/8, 2020 at 11:44

I usually do things from Windows PowerShell and this single quote worked on Windows (no WSL). – Hoke 2/8, 2020 at 12:39

What is "the os user"? Do you mean by "the OS user"? (OS = operating system). If so, what does that mean? Or something else? Can you rephrase? – Actaeon 8/9, 2021 at 15:56

The first sentence is close to incomprehensible. Can you rephrase, please? (But without "Edit:", "Update:", or similar - the answer should appear as if it was written today.) – Actaeon 8/9, 2021 at 15:57

Thanks, @PeterMortensen, I improved and let me know if this is OK now. – Hoke 27/9, 2021 at 12:24

As of 2021, there is a secure user-friendly cross-platform solution for HTTPS remotes. No more typing passwords! No more SSH keys! No more personal access tokens!

Install Git Credential Manager developed by GitHub (downloads). It supports passwordless in-browser OAuth authentication to GitHub, BitBucket, Azure and GitLab. This means you can enable two-factor authentication on GitHub and the other platforms, greatly improving the security of your accounts.

When you push, you are offered a choice of authentication methods:

> git push
Select an authentication method for 'https://github.com/':
  1. Web browser (default)
  2. Device code
  3. Personal access token
option (enter for default): 1
info: please complete authentication in your browser...

On Linux, a tiny bit of setup is required. The following caches credentials in memory for 20 hours, so you have to authenticate at most once per day.

git-credential-manager-core configure
git config --global credential.credentialStore cache
git config --global credential.cacheoptions "--timeout 72000"

Power users familiar with gnome-keyring or KWallet may prefer to change the credential store to libsecret.

Cosmetic configuration (docs):

Prefer choosing authentication method at terminal rather than in GUI (fewer clicks)
Always use browser method rather than be asked every time (even fewer keypresses)

git config --global credential.guiPrompt false
git config --global credential.gitHubAuthModes browser

Globule answered 27/2, 2022 at 11:59 Comment(1)

I remain a huge fan of GCM but if you find it difficult to install on Linux, you can use git-credential-oauth https://mcmap.net/q/20179/-how-can-i-save-username-and-password-in-git – Globule 12/11, 2022 at 20:0

You will be more secure if you use SSH authentication than username/password authentication.

If you are using a Mac, SSH client authentication is integrated into the macOS keychain. Once you have created an SSH key, type into your terminal:

ssh-add -K ~/.ssh/id_rsa

This will add the SSH private key to the macOS keychain. The Git client will use SSH when it connects to the remote server. As long as you have registered your ssh public key with the server, you will be fine.

Caviness answered 26/2, 2018 at 12:44 Comment(6)

should be k not K? – Sinus 28/4, 2018 at 15:23

FYI: I am working on a Mac. Having said that, from the "man" info: "-k" When loading keys into or deleting keys from the agent, process plain private keys only and skip certificates. "-K" When adding identities, each passphrase will also be stored in the user's keychain. When removing identities with -d, each passphrase will be removed from it. – Caviness 30/4, 2018 at 11:35

I don't think this work for https-based repositories. – Shantung 19/5, 2018 at 13:49

This answer seems to confuse passwords (HTTPS repos) with SSH private keys. – Annabell 23/5, 2018 at 4:51

Yes, my recommended solution is for SSH, not HTTPS. Hence, the command "ssh-add". For HTTPS it would be the solution mentioned above "git credential-osxkeychain" (on Mac). – Caviness 20/7, 2018 at 10:25

I disagree. You can't be more secure by giving access to the host an SSH access. Using HTTP authentication, someone who steal the credentials would only have access to GitHub/GitLab. Also token are designed to have a limited life. – Chamberlin 1/10, 2018 at 20:50

Just use

git config --global credential.helper store

And do the git pull. It will ask for a username and password. From now on it will not provide any prompt for username and password. It will store the details.

Burnsides answered 7/9, 2019 at 12:17 Comment(1)

You've just basically repeated the accepted answer. – Glee 7/9, 2019 at 12:43

To save your user name and user password into github account just run these command in sequence.

git config --global user.name "userName"
git config --global user.email "[email protected]"
git config --global user.password "userPassword"
git config --global credential.helper store
git config --list --show-origin

Then generate a key using below command:

ssh-keygen -t rsa -C "[email protected]"

Note: Copy the file location where id_rsa file gets created Then go to that file location -->open gitbash or command prompt --> Run a command - cat id_rsa.pub

SSH key will be dispayed, copy this SSH key and paste it in your gihub/gitlab account

Exist answered 6/6, 2022 at 4:30 Comment(0)

In that case, you need git credential helper to tell Git to remember your GitHub password and username by using following command line:

git config --global credential.helper wincred

And if you are using a repository using an SSH key then you need the SSH key to authenticate.

Degression answered 8/9, 2018 at 19:17 Comment(2)

wincred is obsoleted, see https://mcmap.net/q/20397/-wincred-not-working-properly-with-git-bash-git-for-windows-when-executing-certain-commands-like-quot-prune-quot – Arrangement 15/7, 2020 at 7:46

To add to what @Arrangement said, on Windows, manager-core is now bundled with the Git installer for Windows github.com/microsoft/Git-Credential-Manager-Core – Umbrageous 19/3, 2021 at 13:35

None of the previous answers worked for me. I kept getting the following every time I wanted to fetch or pull:

Enter passphrase for key '/Users/myusername/.ssh/id_rsa':

For Macs

I was able to stop it from asking my passphrase by:

Open config by running: vi ~/.ssh/config
Added the following: UseKeychain yes
Saved and quit: Press Esc, and then enter :wq!

For Windows

I was able to get it to work using the information in this Stack Exchange post: How to avoid being asked passphrase each time I push to Bitbucket

Profanatory answered 13/8, 2019 at 21:23 Comment(1)

that's because you are using SSH protocol (other answers use HTTPS). – Abydos 2/12, 2019 at 8:13

Check official Git documentation:

If you use the SSH transport for connecting to remotes, it’s possible for you to have a key without a passphrase, which allows you to securely transfer data without typing in your username and password. However, this isn’t possible with the HTTP protocols – every connection needs a username and password. This gets even harder for systems with two-factor authentication, where the token you use for a password is randomly generated and unpronounceable.

Fortunately, Git has a credentials system that can help with this. Git has a few options provided in the box:

The default is not to cache at all. Every connection will prompt you for your username and password.

The “cache” mode keeps credentials in memory for a certain period of time. None of the passwords are ever stored on disk, and they are purged from the cache after 15 minutes.

The “store” mode saves the credentials to a plain-text file on disk, and they never expire. This means that until you change your password for the Git host, you won’t ever have to type in your credentials again. The downside of this approach is that your passwords are stored in cleartext in a plain file in your home directory.

If you’re using a Mac, Git comes with an “osxkeychain” mode, which caches credentials in the secure keychain that’s attached to your system account. This method stores the credentials on disk, and they never expire, but they’re encrypted with the same system that stores HTTPS certificates and Safari auto-fills.

If you’re using Windows, you can install a helper called “Git Credential Manager for Windows.” This is similar to the “osxkeychain” helper described above, but uses the Windows Credential Store to control sensitive information. It can be found at https://github.com/Microsoft/Git-Credential-Manager-for-Windows.

You can choose one of these methods by setting a Git configuration value:

git config --global credential.helper cache

git config --global credential.helper store

From 7.14 Git Tools - Credential Storage

Graziano answered 13/5, 2020 at 11:42 Comment(0)

Save the username and password globally:

git config --global user.name "fname lname"
git config --global user.email "[email protected]"
git config --global user.password "secret"

Get a specific setting,

git config --global --get user.name
git config --global --get user.email
git config --global --get user.password

Getting all Git settings:

git config --list --show-origin

Facility answered 8/7, 2021 at 14:56 Comment(2)

I have done all the settings globally, username, email, and password, still when I push the code on GitHub, It asks for the username and password every time – Ewold 25/9, 2021 at 10:59

Yes, there are multiple places git settings are saved. Maybe in project .git folder some project settings are defaulted and take precedence. – Facility 9/10, 2021 at 11:25

If security is not a concern for the git client, edit the url this way:

git remote set-url origin https://${access_token}@github.com/${someone}/${somerepo}.git

Same in the git clone case:

git clone https://${access_token}@github.com/${someone}/${somerepo}.git

I personally do not favor git config with global domain, since that would be a mess in a multiple-accounts case.

access_token is what you could generate in Settings / Developer settings / Personal access tokens. Remember to grant it with repo scope.

Luana answered 19/9, 2021 at 3:19 Comment(1)

If security were not a concern, there would not be a need for a credential helper. – Intravenous 10/4, 2023 at 18:15

After reading the answers in full and experimenting with most of the answers to this question, I eventually found the procedure that works for me. I want to share it in case someone has to deal with a complex use case, but still do not want to go through all the answers and the gitcredentials, gitcredentials-store etc. man pages, as I did.

Find below the procedure I suggest IF you (like me) have to deal with several repositories from several providers (GitLab, GitHub, Bitbucket, etc.) using several different username / password combinations. If you instead have only a single account to work with, then you might be better off employing the git config --global credential.helper store or git config --global user.name "your username" etc. solutions that have been very well explained in previous answers.

My solution:

Unset global credentials helper, in case some former experimentation gets in the way :)
```
git config --global --unset credentials.helper
```
Move to the root directory of your repo and disable the local credential helper (if needed)
```
cd /path/to/my/repo
git config --unset credential.helper`
```
Create a file to store your repo's credentials into
```
git config credential.helper 'store --file ~/.git_repo_credentials'
```
Note: this command creates a new file named ".git_repo_credentials" into your home directory, to which Git stores your credentials. If you do not specify a file name, Git uses the default ".git_credentials". In this case simply issuing the following command will do:
```
git config credential.helper store
```
set your username
```
git config credential.*.username my_user_name
```
Note: using "*" is usually ok if your repositories are from the same provider (e.g. GitLab). If instead your repositories are hosted by different providers then I suggest to explicitly set the link to the provider for every repository, like in the following example (for GitLab):
```
git config credential.https://gitlab.com.username my_user_name
```

At this point, if you issue a command requiring your credentials (e.g. git pull), you will be asked for the password corresponding to "my_user_name". This is only required once because git stores the credentials to ".git_repo_credentials" and automatically uses the same data at subsequent accesses.

Microminiaturization answered 8/1, 2020 at 12:6 Comment(3)

just to note, here when using * I got: "warning: url has no scheme: * fatal: credential url cannot be parsed: *" . So I had to specify "credential.github.com.username". – Floria 21/11, 2021 at 18:37

(stackoverflow comment replaced the https://github... with github... in my last comment) – Floria 21/11, 2021 at 18:49

The best flexible option to work with several git providers from a single computer.Thanks. If anyone is looking for this behaviour using ssh keys, check your ~/.ssh/config file and add custom ssh key to be used each git server provider – Rutilant 11/8, 2023 at 9:4

From the comment by rofrol, on Linux Ubuntu, from this answer, here's how to do it on Ubuntu:

sudo apt-get install libsecret-1-0 libsecret-1-dev
cd /usr/share/doc/git/contrib/credential/libsecret
sudo make
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret

Some other distributions provide the binary, so you don't have to build it.

In OS X, it typically comes "built" with a default module added of "osxkeychain", so you get it for free. Both the OS X built-in one and the homebrew variety have it present by default.

Vaseline answered 5/7, 2019 at 7:48 Comment(0)

For Windows users, look at the .gitconfig file and check what has been configured for the credential helper. If you have the following...

[credential "helperselector"] selected = wincred

you'll find the credentials in the Windows Credential Manager.

There you can edit the credential.

Note: Wincred has been deprecated, see...

https://github.com/Microsoft/Git-Credential-Manager-for-Windows#notice-this-project-is-no-longer-being-maintained-warning

So alternatively you may want to reconfigure Git to use the built-in Git credential manager...

git config --global credential.helper manager

Butters answered 9/11, 2020 at 0:15 Comment(5)

I am having an issue with the manager-core helper, where my credentials disappear every day - Any clue on how to solve this? – Antiquated 22/12, 2020 at 17:26

The edit was the answer I was looking for, THANKS! – Rubefaction 19/1, 2021 at 12:48

@Antiquated The Credential manager bundled with Git for Windows changed a few times recently so the easiest option is to just download the newest Git for Windows and install over the top and select the credential manager in the installer. The credential manager is a separate utility, which you can see it on GitHub at github.com/microsoft/Git-Credential-Manager-Core, but better to just let the Git for Windows installer, install it, so you know you have version compatibility – Umbrageous 19/3, 2021 at 13:46

The link is broken (404). – Actaeon 8/9, 2021 at 16:59

This was the only command that worked for me in Windows, however after running it I had to do a 'git fetch' and 'git pull origin main' to get the Windows creds window to pop up. Seems to be cached since 👍 – Setaceous 26/8, 2022 at 22:52

If you are using the Git Credential Manager on Windows...

git config -l should show:

credential.helper=manager

However, if you are not getting prompted for a credential then follow these steps:

Open Control Panel from the Start menu
Select User Accounts
Select Manage your credentials in the left hand menu
Delete any credentials related to Git or GitHub

Also ensure you have not set HTTP_PROXY, HTTPS_PROXY, NO_PROXY environmental variables if you have proxy and your Git server is on the internal network.

You can also test Git fetch/push/pull using git-gui which links to credential manager binaries in C:\Users\<username>\AppData\Local\Programs\Git\mingw64\libexec\git-core

Gilmore answered 24/9, 2020 at 2:14 Comment(0)

The GitHub recommendations have now changed, and the best method is also the simplest. Details here

Install Github official cli. E.g. for mac: brew install gh.
type gh auth login in your terminal, then follow the prompts.

Therapsid answered 22/10, 2021 at 18:50 Comment(0)

Two-factor authentication has changed how users authenticate to websites, but Git still assumes users can type a password from memory.

Introducing git-credential-oauth: a Git credential helper that securely authenticates to GitHub, GitLab, BitBucket and other forges using OAuth.

No more passwords! No more personal access tokens! No more SSH keys!

The first time you push, the helper will open a browser window to authenticate. Subsequent pushes within the cache timeout require no interaction.

Install from https://github.com/hickford/git-credential-oauth/releases/

Configure with:

git config --global --unset-all credential.helper
git config --global --add credential.helper "cache --timeout 7200" # two hours
git config --global --add credential.helper oauth

Globule answered 12/11, 2022 at 19:29 Comment(3)

Very nice: a good alternative to GCM on Linux indeed. – Borisborja 13/11, 2022 at 0:33

git: 'credential-oauth' is not a git command. See 'git --help'. – Openeyed 7/2, 2023 at 1:3

@Openeyed make sure the git-credential-oauth binary is in the PATH, and that it is executable – Globule 7/2, 2023 at 6:48

git config --global user.name "your username"
git config --global user.password "your password"

Check

git config --list

Viguerie answered 14/6, 2021 at 8:20 Comment(2)

Please note that this answer states that this is an insecure way of doing this. – Lax 14/6, 2021 at 8:34

What is the secure way Please share secure way some hint Eric Aya – Viguerie 6/11, 2021 at 18:18

For Windows users, this way will work:

Note: If you have enabled two-factor authentication for GitHub, disable it for a while

Step 1

Go to Control Panel → User Accounts → Credential Manager → Windows Credentials
Step 2

Go to the Generic Credentials section → Add a generic credential
Step 3 - Fill in the fields

Internet or network address: git.https://github.com

User name: your GitHub username

Password: your GitHub username

And now click on OK. This will save the password and the username of your GitHub account to your local machine

Bernie answered 6/7, 2021 at 13:30 Comment(0)

On macOS, you can use the system keychain for security. I believe this is the most secure method for websites like Overleaf, which only offers https access (unless you link a github repository of yours).

The following git command activates this functionality.

$ git config --global credential.helper osxkeychain

(Additionally, as I write in the Edit below, make sure you disable other credential helpers so that git won't save your password, e.g., in plain text.) Then, you clone the git repository:

$ git clone https://git.overleaf.com/blahblah

This asks the password. Enter it, and you can see it in macOS' built-in KeyChain Access app.

In this case, you can find the entry for the URL with the name git.overleaf.com, which matches the git URL.

For better security, you can require all apps to ask for your permission. You can remove git from the "Always allow access by these applications" so that even git will not be able to get the password without your permission.

Note:
However, I noticed that some apps can still somehow git pull without my permission. This is weird because, in this case, Overleaf's git repository only offers https access. (I.e. there's no loophole through SSH.) If I change my password, I can temporarily block these apps from doing pull, but after I re-register my new password, these apps can do the pull again... Even if I check "Ask for Keychain password". Might be a misconfiguration or even a bug in macOS (Ventura).

I've opened a Q&A on this in AskDifferent: https://apple.stackexchange.com/questions/459108/keychain-access-loophole-for-git-https

Edit:
I found the problem. Git still had the configuration to store the credential written down in the global settings (~/.git-config). So, you need to make sure you have the settings correct for different resolutions. This includes per-project, global (git config edit --system) and system (git config edit --system) should have the [credential] set to helper = osxkeychain only.

After you edit the settings, check ~/.git-credentials and see there's no password stored unintentionally (in plain text).

Itch answered 26/4, 2023 at 3:5 Comment(0)

Your question:

I want to use a push and pull automatically in Git Extensions, Sourcetree or any other Git GUI without entering my username and password in a prompt, every time.
So how can I save my credentials in Git?

If you are in github or other providers I would recommend not to save them in the Git such as ~/.git-credentials but treat them as Encrypted secrets as they should.

Put the credential to the following format:

https://your_user_name:[email protected]/your_user_name/your_repo_name.git

Put it as encrypted secrets like secrets.REPOSITORY:

Then you can use it to clone either public of private repos along with its submodules as well as to do a push and pull automatically

# put the credentials in a variable
export REPOSITORY=${{ secrets.REPOSITORY }}

# git clone public or private repos
git clone --recurse-submodules -j8 ${REPOSITORY}

# git pull will do automatic
cd /path/to/the/repo
git pull

# git push to a branch in the repo
git add . && \
  git commit -m "Action from ${GITHUB_SHA}" && \
  git push --force $REPOSITORY master:$BRANCH

Racket answered 15/11, 2022 at 2:7 Comment(0)

For gitlab users having the same issue-

you can setup a deploy token to clone or pull from your repository (you can not push code to the repo with a deploy token).

Here you can know more about gitlab deploy tokens: https://docs.gitlab.com/ee/user/project/deploy_tokens/index.html

Once you create the deploy token , use the following to clone a repo :

git clone https://${username}:${deploy_token}@gitlab.com/yourusername/yourreponame.git

I think this approach is better than saving git username and git password globally ( for instance it can be unsafe in a remote shared machine)

Dexamyl answered 9/8, 2022 at 6:41 Comment(3)

Note that if your Git is set with git config --system transfer.credentialsInUrl die, such a URL would not work. – Borisborja 9/8, 2022 at 6:46

Thanks for pointing that out. And I understand it is a security loophole – Dexamyl 9/8, 2022 at 11:27

Yes, depending on the context, those URLs can be banned. – Borisborja 9/8, 2022 at 11:57

For me I kept being asked for credentials because my repo directory somehow had credential.manager set to a blank value.

If you've tried all the other answers, check your config with git config --list --show-origin to make sure you're using the Credential Manager you think you're using.

Louisalouisburg answered 16/1, 2024 at 0:13 Comment(0)

-1

You can just simply modify ~/.git-credentials

then add the following line:

git:https://<user>:<token/password>@gitlab.com

that's it

Superhuman answered 10/1, 2023 at 20:4 Comment(1)

It seems both username and password need to be urlencoded--e.g., if your username is an email, replace @ with %40 , etc. – Aceves 21/2, 2023 at 0:20

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++