As you know, Git is a very popular version control system. It's easy to use and provides convenient command line tools that allow you to manipulate files in the repository. You can track the history of your code. Also it's possible to make branches, create pull requests and so on. The list of features is huge.
However, some of the repositories may be private. And you may need to enter a password to get access to the files. If you do it once, it's not an issue. But, if you have to enter the password multiple times, then it's a time consuming task and may annoy you.
Git already has a solution for such a problem. There is a possibility to store your password in a system file. Once you try to perform some operation in a repository, Git can authenticate you automatically. But this requires additional configuration. See the following sections for more details on how it can be done.
Cloning a private Git repository
Let's start first by cloning the repository. It will show us if the login and password are required to access the source code. If yes, you would have to enter those details in the command line.
git clone https://example.com/path/repository.git
To reduce the amount of work needed to clone a private repository, you may put the username into the URL of that repository. As a result, you will not have to type that information in the command line. See the example below.
git clone https://<YOURUSERNAME>@example.com/path/repository.git
In addition, it is possible to create a URL of the repository that also contains the password. See how to make it in the following sample.
git clone https://<YOURUSERNAME>:<YOURPASSWORD>@example.com/path/repository.git
How to store user credentials on disk
Git has a special utility that allows you to store username and password on a disk. Next time you try to access a private repository, Git tool will take those details from a special file on disk.
It may look like a nice feature. However, the issue is that this solution is not secure. Someone can view the file contents and find the password that is used by the user.
Just in case you want to use this feature, the following is the command that has to be executed in the terminal. But please pay attention that it enables the credential helper only locally for the specific repository.
git config credential.helper store
If you need to enable this feature globally, then you would have to use the --global command line option. See below how it can be done.
git config --global credential.helper store
By default, username and password are stored into the .git-credentials file which is saved in the directory of the current user.
Below, you can see the format of that file. The username and password are stored in a raw format.
This step is optional, however you can also configure where to save the user credentials. If using the default configuration is not a secure option, then you can save the user data into some other place.
Following command configures the Git to store username and password into the ~/.custom-credentials file on disk
git config --global credential.helper 'store --file ~/.custom-credentials'
The full URL of that file may look like the following:
Reviewing Git configuration file
If you have decided to enable the credential helper globally, then Git will store its settings into the ~/.gitconfig file on disk. If you are curious, you can print the contents of that file into the screen with help of the cat command. See our example below.
developer@developer-pc:~/samples$ cat ~/.gitconfig [user] email = email@example.com [credential] helper = store
How to store user credentials in memory
Git also allows you to store username and password in the computer memory. This method is more secure than the previous one, because there data is not stored on a disk. User credentials will be kept in memory until the cache expires or your system restarts.
To enable this feature for a specific repository, you have to use the command like it's shown below.
git config credential.helper cache
This option also may be enabled globally. In that case, you have to use the --global option, like it's shown in the following sample.
git config --global credential.helper cache
Default timeout is 900 seconds. However, you can change this value. See how to do it below.
git config --global credential.helper 'cache --timeout=3600'
Reviewing Git configuration file
In case if you enabled a global memory cache, you can confirm that this option was actually saved by reviewing the ~/.gitconfig file. It should contain the helper = cache setting in the file content.
See below how to print the content of that file in the Linux terminal.
developer@developer-pc:~/samples$ cat ~/.gitconfig [user] email = firstname.lastname@example.org [credential] helper = cache
Terminating the daemon
If you need to clear the memory cache before it expires, then you have to use the "git credential-cache exit" command. It will terminate the daemon which is responsible for storing the authentication data.
git credential-cache exit
Using the SSH key to connect to the Git repository
You can also use the SSH key to access the remote Git server. That's another option that may speed up your work. There is no need to manually enter user details when you connect to the repository. Git will use the key file to authenticate the user.
Just to show how this method works, we've created a very simple tutorial. As an example, the repository will be hosted on the BitBucket Git repository. To connect to the server, we may use either the RSA or Ed25519 key.
At the time of writing this guide, each key works. However, it's highly recommended that you check the latest instructions for your version control system. Your Git provider may have some specific requirements and you may need to follow them.
We will use the Ubuntu terminal to generate the keys. Any other system is also acceptable, as long as the ssh-keygen tool is installed and available in the terminal.
Using the RSA key
The first step is to generate the key. To do that, you have to run the command, like it's shown below. Please pay attention that you may need to enter your email address.
ssh-keygen -t rsa -b 2048 -C "email@example.com"
Also, as you may see, the strength of the key is 2048 bits. That's the minimum size that is accepted by BitBucket for the RSA key. But you can increase that value to the desired size.
Let's print the public key to the console. You can do it with the help of the cat command.
After that, the key has to be added to your account in the BitBucket settings panel. This will allow the Git server to authenticate the remote user. Also, you may need to see the up-to-date guide of the BitBucket to see how this step has to be done.
Now, we can add the RSA key to the SSH agent. That allows the system to automatically authenticate you when you access the remote Git server. See how it can be done below.
Ok, it's time to test the connection. You may try to clone some private Git repository. If all is fine, the source code will appear on your disk.
Example is shown below. You have to replace the given sample address with the actual address of your repository.
git clone firstname.lastname@example.org:username/repository.git
Using the Ed25519 key
You may also try to use the Ed25519 key to connect to the remote Git repository. It's considered to be safer than the RSA key. Also, the Ed25519 key may work a little faster.
The configuration would be very similar to what is described in the previous section of this guide. To generate the key, you have to run the ssh-keygen command. The "-t" flag must be set to the ed25519 value, as shown below.
ssh-keygen -t ed25519 -b 4096 -C "email@example.com"
After that, you can print the contents of the file to the console. The cat tool should help you. Although, you may use any other text editor to open the file.
Now, you have to copy the public key. Then, it has to be added to the settings panel of your BitBucket account. There should be a special section that allows you to manage the SSH keys.
The next step is to configure the SSH agent. Following is an example of how to do it. You need to execute the ssh-add tool with a path to the private file.
At this moment, everything is ready to test the connection. You can clone the repository and see if you are able to access the source code. Example is given below.
git clone firstname.lastname@example.org:username/repository.git
Which method is safer to use
If you choose to use the disk cache, you have to be aware that this method is not secure. The password is stored in a file. This method seems to be a quick and easy to use solution. But on the other side, someone can get access to the file and see the user credentials that are used to connect to the remote repository. In most cases it's better to not store username and password in a plain text form.
The memory cache option is a little better, since the credentials are stored in a cache. However, this method is also not the strongest, and the data can be dumped from the memory.
In addition, you may consider using the SSH key that is password protected. But that method requires additional configuration. Your operating system should have tools that are necessary to generate the required keys.
There may be cases when you need to access the repository often. Like doing constant updates to the codebase, or working with different projects, etc. And it may be annoying to enter username and password each time you login into the repository.
Git does have a solution for such a problem. You can use the disk or memory cache. Also, it's possible to connect to the repository with the help of the SSH key. But that step is more complicated and requires a good knowledge of cryptography and system tools.