All geek questions in one place

How to safely save git credentials?

I recently searched for a solution on how to safely save git credentials in CentOS 7 .

I want to save credentials for multiple git repositories.

The solution I came up with is to use gnome-keyring with any version of git. but I ran into some problems. and I found many posts saying that this is not a good solution in Redhat 7 or Centos 7 . and it will be obsolete.

git config --global credential.helper /usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyrin

But this did not work for me, error when using git:

communication error with gnome-keyring-daemon

then i updated git latest version 2.11 + to use libsecret, which seems easier to use.

I did the same.

 git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret

And it seems to work as expected. my question is a good solution for keeping git credentials safe? Do you know any other solution for saving git credentials on a CentOS machine?

+3
source share
1 answer

is a good solution to save git credentials securely?

Yes, as I documented in Error while using the git credential helper with gnome-keyring as sudo . "
libsecret implements the XDG Secret Service API .

This is the current official library.

An update to git 2.15.x / 2.16 (Q1 2018), where the credential assistant for libsecret (in contrib/ ) was improved to allow, possibly, inducing the end user to unlock secrets that are currently locked (otherwise secrets may not load )

See commit 9c109e9 (November 03, 2017) Dennis Kaarsemker ( seveas ) .
(Merger of Junio ​​C Hamano - gitster - commit to 906329f , November 9, 2017)

credential-libsecret : unlock locked secrets

The credentials provided by the DBUS secret service may be blocked.
Setting the SECRET_SEARCH_UNLOCK flag SECRET_SEARCH_UNLOCK force the secret service to unlock these secrets, possibly by offering the user credentials for this.
Without this flag, the secret is simply not loaded.

+1
source

Source: https://habr.com/ru/post/1246312/

More articles:


All Articles