From: M Hickford <mirth.hickford@xxxxxxxxx> git-credential-store saves credentials unencrypted on disk. It is the least secure choice of credential helper. Nevertheless, it appears several times more popular than any other credential helper [1]. Inform users about more secure alternatives. [1] https://stackoverflow.com/questions/35942754/how-can-i-save-username-and-password-in-git Signed-off-by: M Hickford <mirth.hickford@xxxxxxxxx> --- Documentation/gitcredentials.txt | 41 ++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 12 deletions(-) diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt index 35a7452c8fe..3337bb475de 100644 --- a/Documentation/gitcredentials.txt +++ b/Documentation/gitcredentials.txt @@ -66,18 +66,7 @@ storage provided by the OS or other programs. Alternatively, a credential-generating helper might generate credentials for certain servers via some API. -To use a helper, you must first select one to use. Git currently -includes the following helpers: - -cache:: - - Cache credentials in memory for a short period of time. See - linkgit:git-credential-cache[1] for details. - -store:: - - Store credentials indefinitely on disk. See - linkgit:git-credential-store[1] for details. +To use a helper, you must first select one to use (see below for a list). You may also have third-party helpers installed; search for `credential-*` in the output of `git help -a`, and consult the 
@@ -106,6 +95,28 @@ $ git config --global credential.helper foo === Available helpers +Git currently includes the following helpers: + +cache:: + + Cache credentials in memory for a short period of time. See + linkgit:git-credential-cache[1] for details. + +store:: + + Store credentials indefinitely on disk. See + linkgit:git-credential-store[1] for details. + +Popular helpers with secure persistent storage include: + + - git-credential-libsecret (Linux) + + - git-credential-osxkeychain (macOS) + + - git-credential-wincred (Windows) + + - https://github.com/git-ecosystem/git-credential-manager[Git Credential Manager] (cross platform, included in Git for Windows) + The community maintains a comprehensive list of Git credential helpers at https://git-scm.com/doc/credential-helpers. @@ -116,6 +127,12 @@ OAuth credential helper. Initial authentication opens a browser window to the host. Subsequent authentication happens in the background. Many popular Git hosts support OAuth. +Popular helpers with OAuth support include: + + - https://github.com/git-ecosystem/git-credential-manager[Git Credential Manager] (cross platform, included in Git for Windows) + + - https://github.com/hickford/git-credential-oauth[git-credential-oauth] (cross platform, included in many Linux distributions) + CREDENTIAL CONTEXTS ------------------- -- gitgitgadget
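Review bot: in the first hunk (@@ -66,18 +66,7), "(see below for a list)" gives the reader no target to look for. Since the list now sits under `=== Available helpers`, name that section in the sentence, for example "see the Available helpers section below".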
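Review bot: in the second hunk (@@ -106,6 +95,28), the relocated `store::` entry still reads "Store credentials indefinitely on disk" and never says the file is unencrypted, which is the whole reason the commit message gives for the change. Suggest "Store credentials indefinitely on disk, unencrypted", or a sentence ahead of "Popular helpers with secure persistent storage include:" that states the contrast with `store`. The first three entries in that list also carry no link or pointer to where they are found, unlike the Git Credential Manager entry.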
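Review bot: in the third hunk (@@ -116,6 +127,12), "included in many Linux distributions" is an unsourced claim that will age in reference documentation, and the Git Credential Manager line repeats the entry from the storage list word for word. Consider keeping only the platform in the parentheticals, and state what qualifies a helper as "popular" so that later additions to either list have a criterion to meet.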