Categories
credentials git git-config git-extensions

How can I save username and password in Git?

2265

I want to use a push and pull automatically in Git Extensions, Sourcetree or any other Git GUI without entering my username and password in a prompt, every time.

So how can I save my credentials in Git?

4

3773

Attention: This method saves the credentials in plaintext on your PC’s disk. Everyone on your computer can access it, e.g. malicious NPM modules.

Run

git config --global credential.helper store

then

git pull

provide a username and password and those details will then be remembered later. The credentials are stored in a file on the disk, with the disk permissions of “just user readable/writable” but still in plaintext.

If you want to change the password later

git pull

Will fail, because the password is incorrect, git then removes the offending user+password from the ~/.git-credentials file, so now re-run

git pull

to provide a new password so it works as earlier.

19

  • 21

    for Debian/Ubuntu use libsecret stackoverflow.com/questions/36585496/…

    – rofrol

    Oct 2, 2017 at 14:29

  • 175

    Note that this will store your username and password in a plain text file at ~/.git-credentials. Anyone can open it and read it.

    – RoboAlex

    Sep 24, 2018 at 4:13

  • 6

    and use this if you want to forget : git config –global credential.helper forget

    – jacktrade

    Oct 23, 2019 at 10:22

  • 39

    I think it’s worth pointing out that one may want to skip the --global to only store the password for one repository (when pulling and pushing) but not for any other repository (which might be on a different hoster, with different credentials that one might not want to store for whatever reasons)

    – pseyfert

    Nov 26, 2019 at 10:04

  • 25

    @RoboAlex’s comment is popular but the protections on ~/.git-credentials are no different than a private key like ~/.ssh/id_rsa. So if you don’t have a password on your private key then ~/git-credentials is no worse than ssh keys

    – Jason S

    Mar 19, 2021 at 13:05

568

You can use the git config to enable credentials storage in Git.

git config --global credential.helper store

When running this command, the first time you pull or push from the remote repository, you’ll get asked about the username and password.

Afterwards, for consequent communications with the remote repository you don’t have to provide the username and password.

The storage format is a .git-credentials file, stored in plaintext.

Also, you can use other helpers for the git config credential.helper, namely memory cache:

git config credential.helper 'cache --timeout=<timeout>'

which takes an optional timeout parameter, determining for how long the credentials will be kept in memory. Using the helper, the credentials will never touch the disk and will be erased after the specified timeout. The default value is 900 seconds (15 minutes).


Warning: If you use this method, your Git account passwords will be saved in plaintext format, in the global .gitconfig file, e.g in Linux it will be /home/[username]/.gitconfig.

If this is undesirable to you, use an ssh key for your accounts instead.

12

  • 3

    Wish you showed the .gitconfig file – the first command has been overwritten by the second 🙁

    – Adam

    Mar 8, 2017 at 13:24

  • 14

    For git config credential.helper cache the passwords will not be saved to a file, only stored in memory. See: git-scm.com/docs/git-credential-cache

    – S.A.

    Jul 20, 2019 at 6:11

  • 2

    Does not work. Gives fatal: Authentication failed. Doesnt even ask for password.

    Oct 1, 2019 at 18:41


  • 7

    Just as an addendum – your private ssh-key will also be stored in plaintext in a user-accessible location, so in essence the same attack surface in both cases.

    – Falco

    Jan 7, 2020 at 11:48

  • 1

    That doesnt add the time out, see @Andreas Bigger comment below: git config –global credential.helper ‘cache –timeout=3600’

    Apr 30, 2020 at 13:17

431

Recommended and secure method: SSH

Create an SSH GitHub key. Go to github.comSettingsSSH and GPG keysNew SSH Key. Now save your private key to your computer.

Then, if the private key is saved as id_rsa in the ~/.ssh/ directory, we add it for authentication as such:

ssh-add -K ~/.ssh/id_rsa

A more secure method: Caching

We can use git-credential-cache to cache our username and password for a time period. Simply enter the following in your CLI (terminal or command prompt):

git config --global credential.helper cache

You can also set the timeout period (in seconds) as such:

git config --global credential.helper 'cache --timeout=3600'

16

  • 39

    This did not work for me, git clone still asks for the username and password

    – Oliver

    Dec 20, 2018 at 5:09

  • 15

    i do not recommend storing your password like this because “git config –global -l” would reveal your password on the console

    – CCC

    Dec 26, 2018 at 8:02

  • 3

    This is not working for me. It is strange that it should work for anyone, since in gitconfig’s specification there is no room for “password”

    Nov 28, 2019 at 18:12

  • 3

    If you use the SSH method, you’ll need to start using SSH URLs instead of git URLs – stackoverflow.com/questions/14762034/…

    – yndolok

    Feb 24, 2021 at 3:32

  • 16

    “An even less secure method”. Have to disagree. Does anyone here realise your passwordless private ssh key (the whole point of the question is to avoid typing your password) is stored in plain text (by default in ~/.ssh/id_rsa, no more securely than ~/.git-credentials ? Also the credential.helper store method does not put the password / token in .gitconfig Also due to quirks of sites like GitHub you get more fine-grained control over permissions on a Personal Access Token than an SSH public key. So for that specific case I’d say PAT with credential helper is “more secure”

    – Jason S

    Mar 19, 2021 at 13:21