Jeff King <peff@xxxxxxxx> writes:
> There's an example of using your own bit of shell to act as a credential
> helper, but it's not very realistic:
>
> - It's stupid to hand out your secret password to _every_ host. In the
> real world you'd use the config-matcher to limit it to a particular
> host.
>
> - We never provided a username. We can easily do that in another config
> option (you can do it in the helper, too, but this is much more
> readable).
>
> - We were sending the secret even for store/erase operations. This
> is OK because Git would just ignore it, but a real system would
> probably be unlocking a password store, which you wouldn't want to do
> more than necessary.
All of them make sense, but I do not think we want to encourage that
loose style of passing unquoted argument to echo to lose embedded
$IFS spaces that is not a SP.
> Signed-off-by: Jeff King <peff@xxxxxxxx>
> ---
> This is in fact very close to what's in my own ~/.gitconfig, except that
> I swap out "cat" for the "pass" tool.
>
> Documentation/gitcredentials.txt | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
> index 8a20343dd7..63b20fc6a5 100644
> --- a/Documentation/gitcredentials.txt
> +++ b/Documentation/gitcredentials.txt
> @@ -233,8 +233,9 @@ helper = "foo --bar='whitespace arg'"
> helper = "/path/to/my/helper --with-arguments"
>
> # or you can specify your own shell snippet
> -[credential]
> -helper = "!f() { echo password=$(cat $HOME/.secret); }; f"
> +[credential "https://example.com";]
> +username = your_user
> +helper = "!f() { test $1 = get && echo password=$(cat $HOME/.secret); }; f"
> ----------------------------------------------------
>
> Generally speaking, rule (3) above is the simplest for users to specify.
