git-commit-vandalism/Documentation/gitcredentials.txt

195 lines
6.5 KiB
Plaintext
Raw Normal View History

gitcredentials(7)
=================
NAME
----
gitcredentials - providing usernames and passwords to Git
SYNOPSIS
--------
------------------
git config credential.https://example.com.username myusername
git config credential.helper "$helper $options"
------------------
DESCRIPTION
-----------
Git will sometimes need credentials from the user in order to perform
operations; for example, it may need to ask for a username and password
in order to access a remote repository over HTTP. This manual describes
the mechanisms Git uses to request these credentials, as well as some
features to avoid inputting these credentials repeatedly.
REQUESTING CREDENTIALS
----------------------
Without any credential helpers defined, Git will try the following
strategies to ask the user for usernames and passwords:
1. If the `GIT_ASKPASS` environment variable is set, the program
specified by the variable is invoked. A suitable prompt is provided
to the program on the command line, and the user's input is read
from its standard output.
2. Otherwise, if the `core.askPass` configuration variable is set, its
value is used as above.
3. Otherwise, if the `SSH_ASKPASS` environment variable is set, its
value is used as above.
4. Otherwise, the user is prompted on the terminal.
AVOIDING REPETITION
-------------------
It can be cumbersome to input the same credentials over and over. Git
provides two methods to reduce this annoyance:
1. Static configuration of usernames for a given authentication context.
2. Credential helpers to cache or store passwords, or to interact with
a system password wallet or keychain.
The first is simple and appropriate if you do not have secure storage available
for a password. It is generally configured by adding this to your config:
---------------------------------------
[credential "https://example.com"]
username = me
---------------------------------------
Credential helpers, on the other hand, are external programs from which Git can
request both usernames and passwords; they typically interface with secure
storage provided by the OS or other programs.
To use a helper, you must first select one to use. Git currently
includes the following helpers:
cache::
Cache credentials in memory for a short period of time. See
linkgit:git-credential-cache[1] for details.
store::
Store credentials indefinitely on disk. See
linkgit:git-credential-store[1] for details.
You may also have third-party helpers installed; search for
`credential-*` in the output of `git help -a`, and consult the
documentation of individual helpers. Once you have selected a helper,
you can tell Git to use it by putting its name into the
credential.helper variable.
1. Find a helper.
+
-------------------------------------------
$ git help -a | grep credential-
credential-foo
-------------------------------------------
2. Read its description.
+
-------------------------------------------
$ git help credential-foo
-------------------------------------------
3. Tell Git to use it.
+
-------------------------------------------
$ git config --global credential.helper foo
-------------------------------------------
CREDENTIAL CONTEXTS
-------------------
Git considers each credential to have a context defined by a URL. This context
is used to look up context-specific configuration, and is passed to any
helpers, which may use it as an index into secure storage.
For instance, imagine we are accessing `https://example.com/foo.git`. When Git
looks into a config file to see if a section matches this context, it will
consider the two a match if the context is a more-specific subset of the
pattern in the config file. For example, if you have this in your config file:
--------------------------------------
[credential "https://example.com"]
username = foo
--------------------------------------
then we will match: both protocols are the same, both hosts are the same, and
the "pattern" URL does not care about the path component at all. However, this
context would not match:
--------------------------------------
[credential "https://kernel.org"]
username = foo
--------------------------------------
because the hostnames differ. Nor would it match `foo.example.com`; Git
compares hostnames exactly, without considering whether two hosts are part of
the same domain. Likewise, a config entry for `http://example.com` would not
match: Git compares the protocols exactly.
If the "pattern" URL does include a path component, then this too must match
exactly: the context `https://example.com/bar/baz.git` will match a config
entry for `https://example.com/bar/baz.git` (in addition to matching the config
entry for `https://example.com`) but will not match a config entry for
`https://example.com/bar`.
CONFIGURATION OPTIONS
---------------------
Options for a credential context can be configured either in
docs: stop using asciidoc no-inline-literal In asciidoc 7, backticks like `foo` produced a typographic effect, but did not otherwise affect the syntax. In asciidoc 8, backticks introduce an "inline literal" inside which markup is not interpreted. To keep compatibility with existing documents, asciidoc 8 has a "no-inline-literal" attribute to keep the old behavior. We enabled this so that the documentation could be built on either version. It has been several years now, and asciidoc 7 is no longer in wide use. We can now decide whether or not we want inline literals on their own merits, which are: 1. The source is much easier to read when the literal contains punctuation. You can use `master~1` instead of `master{tilde}1`. 2. They are less error-prone. Because of point (1), we tend to make mistakes and forget the extra layer of quoting. This patch removes the no-inline-literal attribute from the Makefile and converts every use of backticks in the documentation to an inline literal (they must be cleaned up, or the example above would literally show "{tilde}" in the output). Problematic sites were found by grepping for '`.*[{\\]' and examined and fixed manually. The results were then verified by comparing the output of "html2text" on the set of generated html pages. Doing so revealed that in addition to making the source more readable, this patch fixes several formatting bugs: - HTML rendering used the ellipsis character instead of literal "..." in code examples (like "git log A...B") - some code examples used the right-arrow character instead of '->' because they failed to quote - api-config.txt did not quote tilde, and the resulting HTML contained a bogus snippet like: <tt><sub></tt> foo <tt></sub>bar</tt> which caused some parsers to choke and omit whole sections of the page. - git-commit.txt confused ``foo`` (backticks inside a literal) with ``foo'' (matched double-quotes) - mentions of `A U Thor <author@example.com>` used to erroneously auto-generate a mailto footnote for author@example.com - the description of --word-diff=plain incorrectly showed the output as "[-removed-] and {added}", not "{+added+}". - using "prime" notation like: commit `C` and its replacement `C'` confused asciidoc into thinking that everything between the first backtick and the final apostrophe were meant to be inside matched quotes - asciidoc got confused by the escaping of some of our asterisks. In particular, `credential.\*` and `credential.<url>.\*` properly escaped the asterisk in the first case, but literally passed through the backslash in the second case. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-04-26 10:51:57 +02:00
`credential.*` (which applies to all credentials), or
`credential.<url>.*`, where <url> matches the context as described
above.
The following options are available in either location:
helper::
The name of an external credential helper, and any associated options.
If the helper name is not an absolute path, then the string `git
credential-` is prepended. The resulting string is executed by the
shell (so, for example, setting this to `foo --option=bar` will execute
`git credential-foo --option=bar` via the shell. See the manual of
specific helpers for examples of their use.
+
If there are multiple instances of the `credential.helper` configuration
variable, each helper will be tried in turn, and may provide a username,
password, or nothing. Once Git has acquired both a username and a
password, no more helpers will be tried.
+
If `credential.helper` is configured to the empty string, this resets
the helper list to empty (so you may override a helper set by a
lower-priority config file by configuring the empty-string helper,
followed by whatever set of helpers you would like).
username::
A default username, if one is not provided in the URL.
useHttpPath::
By default, Git does not consider the "path" component of an http URL
to be worth matching via external helpers. This means that a credential
stored for `https://example.com/foo.git` will also be used for
`https://example.com/bar.git`. If you do want to distinguish these
cases, set this option to `true`.
CUSTOM HELPERS
--------------
You can write your own custom helpers to interface with any system in
which you keep credentials. See the documentation for Git's
link:technical/api-credentials.html[credentials API] for details.
GIT
---
Part of the linkgit:git[1] suite