Libsecret - remember Git credentials in Linux Mint and Ubuntu securely

Typing username and password every push is burdensome and irritating… libsecret git credential storage to the rescue.

When you want to use external git repository hosting service, like Gitlab or GitHub you need to authorise yourself. Git has built in credential helper mechanism, which allows choosing the way you have credentials persisted. It gives you two options out of the box, but you’re not limited to them - you can install third party solution.

Cache credential helper (out of the box)

Cache is quite secure because keeps data only in memory. It’s fine for security, but every time you open new session, you need to type credentials again. Memory is purged after 900 seconds (15 min) by default, but it can be changed with optional timeout parameter.

If for some reason you don’t want to install anything, at least use cache :)

git config --global credential.helper 'cache --timeout=300'

Official description - git-scm.com/docs/git-credential-cache

Store credential helper (out of the box)

Store keeps your username and password in… plain text file! It’s totally insecure and use it only if you don’t care about your account (for example during some kind of workshops).

git config --global credential.helper store

Official description - git-scm.com/docs/git-credential-store

Git Credential Manager for Mac and Linux (by Microsoft)

Windows users are familiar with convenient Git Credential Manager for Windows which is integrated with OS way of storing credentials. It can be installed with official wizard or during git installation on Windows (there is checkbox to select). And recently Microsoft announced release of… Git Credential Manager for Mac and Linux. I was positively surprised, till I tried to use it on my Linux Mint 19 Tara. Installation was successful (but not without complications) and attempt to use it ended up with error:

Fatal: java.lang.RuntimeException encountered. Details: 
Secure credential storage is not available on this operating system. You may opt-in to store credentials in an unencrypted file under your user home directory by running 'git config --global credential.canFallBackToInsecureStore true'.
fatal: credential helper '!/usr/lib/jvm/java-11-openjdk-amd64/bin/java -Ddebug=false -Djava.net.useSystemProxies=true -jar /home/linuxbrew/.linuxbrew/Cellar/git-credential-manager/2.0.4/libexec/git-credential-manager-2.0.4.jar' told us to quit

I have opened the issue and till now I haven’t received any response (more than 2 months) and recently I have seen the same issue created for Ubuntu 18.04. So currently it doesn’t work on Linux Mint and Ubuntu.

Official description - github.com/Microsoft/Git-Credential-Manager-for-Mac-and-Linux

Libsecret git credential storage (by GNOME)

The best way to store Git credentials on Linux used to be GNOME Keyring (libgnome-keyring), but as it is specific to GNOME, it is deprecated since January 2014. For Git versions 2.11+ you should use credential helper based on libsecret. Installation and configuration takes only 4 bash commands :)

sudo apt-get install libsecret-1-0 libsecret-1-dev
cd /usr/share/doc/git/contrib/credential/libsecret
sudo make
git config --global credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret

That’s all, next time when you’ll be asked for your username and password will be the last time on this device :)

Official description - wiki.gnome.org/Projects/Libsecret

How to secure SSH credentials

Above credential managers work only if you use http(s), which is usual case. If you have to use SSH protocol, I have described how to skip asking for credentials with SSH key-pair in safe manner, in another article.


As you see it’s not difficult to protect your credentials and not have to type them all the time. If it doesn’t work for you or you have some question or unusual case, feel free to ask me in comments, I will do my best to help you.
If you know someone who uses unsafe credential manager or doesn’t use manager at all, send him this article, I will appreciate it :)



Passionate focused on agile software development and decentralized systems

Read More