Libsecret - remember Git credentials in Linux Mint and Ubuntu securely
Typing username and password every push is burdensome and irritating… libsecret git credential storage to the rescue.
When you want to use external git repository hosting service, like Gitlab or GitHub you need to authorise yourself.
Git has built in credential helper mechanism, which allows choosing the way you have credentials persisted.
It gives you two options out of the box, but you’re not limited to them - you can install third party solution.
Cache credential helper (out of the box)
Cache is quite secure because keeps data only in memory. It’s fine for security, but every time you open new session, you need to type credentials again.
Memory is purged after 900 seconds (15 min) by default, but it can be changed with optional timeout parameter.
If for some reason you don’t want to install anything, at least use cache :)
Git Credential Manager for Mac and Linux (by Microsoft)
Windows users are familiar with convenient Git Credential Manager for Windows which is integrated with OS way of storing credentials. It can be installed with official wizard or during git installation on Windows (there is checkbox to select).
And recently Microsoft announced release of… Git Credential Manager for Mac and Linux. I was positively surprised, till I tried to use it on my Linux Mint 19 Tara. Installation was successful (but not without complications) and attempt to use it ended up with error:
I have opened the issue and till now I haven’t received any response (more than 2 months) and recently I have seen the same issue created for Ubuntu 18.04. So currently it doesn’t work on Linux Mint and Ubuntu.
The best way to store Git credentials on Linux used to be GNOME Keyring (libgnome-keyring), but as it is specific to GNOME, it is deprecated since January 2014.
For Git versions 2.11+ you should use credential helper based on libsecret.
Installation and configuration takes only 4 bash commands :)
That’s all, next time when you’ll be asked for your username and password will be the last time on this device :)
Above credential managers work only if you use http(s), which is usual case. If you have to use SSH protocol,
I have described how to skip asking for credentials with SSH key-pair in safe manner, in another article.
As you see it’s not difficult to protect your credentials and not have to type them all the time.
If it doesn’t work for you or you have some question or unusual case, feel free to ask me in comments, I will do my best to help you.
If you know someone who uses unsafe credential manager or doesn’t use manager at all, send him this article, I will appreciate it :)