14

Storing git credentials with the command:

```
git config credential.helper store
```

stores them unencrypted in plain text under `~/.git-credentials`.

On macOS and Windows, GitHub Help suggests using keystores which encrypt your credentials, using osxkeychain and wincred respectively. On Linux, however, there is no mention of how to encrypt your git credentials. Are you aware of a way to do that?

pgmank
  • As an alternative you can authenticate with your ssh key which is more secure – Dominic Motuka Jul 09 '16 at 14:56
  • @daumie how is it more secure? An `access_token` gives access only to git over http, not ssh, and it is made to expire and be renewed. It is as portable as an `access_token`, except it is harder to remember by heart. – Dimitri Kopriwa Oct 03 '18 at 04:57
  • IIUC, access_token is a form of password, sent to the server over TLS. If the TLS security of the HTTPS connection is somehow compromised (computer got a rogue CA root in its trust store, sadly common with corporate spyware / CA compromise / revoked cert used / openssl bug / ...), an attacker could steal it and get access. SSH uses asymmetric crypto such that even if the connection gets decrypted, the attacker does _not_ learn the secret key. That's one point, don't know which is safer in practice... – Beni Cherniavsky-Paskin Jun 23 '21 at 09:54
  • counterpoint: almost nobody checks SSH machine certs in practice (example script: https://github.com/cben/myenv/blob/master/check-github-ssh-fingerprint.sh, see links there), people just press Yes on first connection, so that's a real risk of MITM compared to HTTPS certifying server domain. It's just the consequences of MITM are less catastrophic. ⚖ – Beni Cherniavsky-Paskin Jun 23 '21 at 09:58

0 Answers
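An added example, not part of the original question or its comments: a small audit that finds where the `store` helper is enabled and what the plaintext `~/.git-credentials` file exposes, without printing any secret. The function name `audit_credential_store`, its `extra_configs` parameter, the sample host and the token are constructed for illustration; the script assumes the store file holds one `https://user:secret@host` URL per line.

```python
import os
import re
import stat
import tempfile
from urllib.parse import urlsplit

# "helper = store" (optionally followed by arguments) in a git config file.
STORE_HELPER = re.compile(r"^\s*helper\s*=\s*store(?:\s|$)", re.MULTILINE)

def audit_credential_store(home, extra_configs=()):
    """Report plaintext git credentials under `home` without echoing secrets."""
    report = {"store_helper_in": [], "mode": None,
              "readable_by_others": False, "entries": []}
    # ~/.gitconfig plus any repository configs (.git/config) passed by the caller.
    for cfg in (os.path.join(home, ".gitconfig"), *extra_configs):
        if os.path.isfile(cfg):
            with open(cfg, encoding="utf-8", errors="replace") as fh:
                if STORE_HELPER.search(fh.read()):
                    report["store_helper_in"].append(cfg)
    creds = os.path.join(home, ".git-credentials")
    if not os.path.isfile(creds):
        return report
    mode = stat.S_IMODE(os.stat(creds).st_mode)
    report["mode"] = oct(mode)
    report["readable_by_others"] = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    with open(creds, encoding="utf-8", errors="replace") as fh:
        for line in filter(None, map(str.strip, fh)):
            url = urlsplit(line)
            # Record where the secret is valid, never the secret itself.
            report["entries"].append({"host": url.hostname,
                                      "username": url.username,
                                      "has_secret": url.password is not None})
    return report

if __name__ == "__main__":
    # Constructed sample: a throwaway home directory with a fake credential.
    with tempfile.TemporaryDirectory() as home:
        with open(os.path.join(home, ".gitconfig"), "w") as fh:
            fh.write("[credential]\n\thelper = store\n")
        with open(os.path.join(home, ".git-credentials"), "w") as fh:
            fh.write("https://alice:constructed-token@git.example.com\n")
        print(audit_credential_store(home))
```

Because the command in the question is run without `--global`, the setting lands in the repository's own `.git/config`; pass that path in `extra_configs` to include it in the check.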