[PATCH v2 1/2] docs: list popular credential helpers

public inbox for git@vger.kernel.org 
 help / color / mirror / Atom feed

From: "M Hickford via GitGitGadget" <gitgitgadget@gmail•com>
To: git@vger•kernel.org
Cc: M Hickford <mirth.hickford@gmail•com>,
	M Hickford <mirth.hickford@gmail•com>
Subject: [PATCH v2 1/2] docs: list popular credential helpers
Date: Fri, 10 Jan 2025 22:54:36 +0000	[thread overview]
Message-ID: <097eb0e877628c0ac51a8699acaaf5e15d0e2cae.1736549677.git.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.1851.v2.git.1736549677.gitgitgadget@gmail.com>

From: M Hickford <mirth.hickford@gmail•com>

git-credential-store saves credentials unencrypted on disk. It is the
least secure choice of credential helper. Nevertheless, it appears
several times more popular than any other credential helper [1].

Inform users about more secure alternatives.

[1] https://stackoverflow.com/questions/35942754/how-can-i-save-username-and-password-in-git

Signed-off-by: M Hickford <mirth.hickford@gmail•com>
---
 Documentation/gitcredentials.txt | 41 ++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 12 deletions(-)

diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
index 35a7452c8fe..3337bb475de 100644
--- a/Documentation/gitcredentials.txt
+++ b/Documentation/gitcredentials.txt
@@ -66,18 +66,7 @@ storage provided by the OS or other programs. Alternatively, a
 credential-generating helper might generate credentials for certain servers via
 some API.
 
-To use a helper, you must first select one to use. Git currently
-includes the following helpers:
-
-cache::
-
-	Cache credentials in memory for a short period of time. See
-	linkgit:git-credential-cache[1] for details.
-
-store::
-
-	Store credentials indefinitely on disk. See
-	linkgit:git-credential-store[1] for details.
+To use a helper, you must first select one to use (see below for a list).
 
 You may also have third-party helpers installed; search for
 `credential-*` in the output of `git help -a`, and consult the
@@ -106,6 +95,28 @@ $ git config --global credential.helper foo
 
 === Available helpers
 
+Git currently includes the following helpers:
+
+cache::
+
+    Cache credentials in memory for a short period of time. See
+    linkgit:git-credential-cache[1] for details.
+
+store::
+
+    Store credentials indefinitely on disk. See
+    linkgit:git-credential-store[1] for details.
+
+Popular helpers with secure persistent storage include:
+
+    - git-credential-libsecret (Linux)
+
+    - git-credential-osxkeychain (macOS)
+
+    - git-credential-wincred (Windows)
+
+    - https://github.com/git-ecosystem/git-credential-manager[Git Credential Manager] (cross platform, included in Git for Windows)
+
 The community maintains a comprehensive list of Git credential helpers at
 https://git-scm.com/doc/credential-helpers.
 
@@ -116,6 +127,12 @@ OAuth credential helper. Initial authentication opens a browser window to the
 host. Subsequent authentication happens in the background. Many popular Git
 hosts support OAuth.
 
+Popular helpers with OAuth support include:
+
+    - https://github.com/git-ecosystem/git-credential-manager[Git Credential Manager] (cross platform, included in Git for Windows)
+
+    - https://github.com/hickford/git-credential-oauth[git-credential-oauth] (cross platform, included in many Linux distributions)
+
 CREDENTIAL CONTEXTS
 -------------------
 
-- 
gitgitgadget

next prev parent reply	other threads:[~2025-01-10 22:54 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-09 21:26 [PATCH] docs: discuss caching personal access tokens M Hickford via GitGitGadget
2025-01-10 18:16 ` Junio C Hamano
2025-01-10 19:11   ` rsbecker
2025-01-10 21:25   ` M Hickford
2025-01-10 22:54 ` [PATCH v2 0/2] " M Hickford via GitGitGadget
2025-01-10 22:54   ` M Hickford via GitGitGadget [this message]
2025-01-10 22:54   ` [PATCH v2 2/2] " M Hickford via GitGitGadget

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:35a7452c8f dfblob:3337bb475d )
 OR (
bs:"[PATCH v2 1/2] docs: list popular credential helpers" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=097eb0e877628c0ac51a8699acaaf5e15d0e2cae.1736549677.git.gitgitgadget@gmail.com \
    --to=gitgitgadget@gmail$(echo .)com \
    --cc=git@vger$(echo .)kernel.org \
    --cc=mirth.hickford@gmail$(echo .)com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox