Git Credential Helpers
In the most recent major release of git (1.7.9.x), a new "credential API" was introduced. This allows you to store supplied HTTP credentials in a variety of containers (OS X's keychain, in-memory cache and plain-text flat file). This is a major step forward in usability for anyone cloning repositories over HTTP/HTTPS. Before, you either had to enter your username and password every time you interacted with the remote server or use the insecure method of embedding your password in plain-text in the ~/.netrc file.
The documentation for this new API can be obtained via git help credentials. By default, git comes with 2 methods of caching supplied HTTP/HTTPS credentials: an in-memory cache and a plain-text on-disk store. Probably the more interesting however, is the osxkeychain helper in contrib. It is available by default if you build git via MacPorts. This helper will store your username and password securely in OS X's keychain. In order to activate this helper for all repositories by default, do the following:
git config --global credential.helper osxkeychain
After the next interaction with a remote git repository over HTTP/HTTPS, git will store your supplied credentials in your login keychain. You can confirm by using the Keychain Access utility and searching for the domain name hosting the repository.
If you install git via MacPorts, you can ensure you have the helper installed by typing the following:
$ port installed | grep git git-core @18.104.22.168_0+credential_osxkeychain+doc+pcre+python27 (active)
The credentials_osxkeychain variant confirms we have a functioning setup.
While not quite as exciting as keychain storage, the ability to cache credentials in memory can be extremely useful when operating on a remote server. This can be activated via:
git config --global credential.helper cache
The default is to cache values in memory for 15 minutes (see git help credential-cache for available options). After the next time you access a repository over HTTP/HTTPS, you should see a process similar to the following running:
davidb 44198 0.0 0.0 2438820 1164 s002 S 2:29PM 0:00.00 git-credential-cache--daemon /Users/davidb/.git-credential-cache/socket
If you a are a Plone developer using mr.developer with repositories hosted over HTTP or HTTPS, these new options will be an extremely welcome addition to your toolset.
Interested in more technical opinions and reviews? Sign up for our mailing list.