How do I avoid the specification of the username and password at every git push?

I git push my work to a remote Git repository.

Every push will prompt me to input username and password. I would like to avoid it for every push, but how to configure to avoid it?

1. Generate an SSH key

Linux/Mac

Open terminal to create ssh keys:

cd ~                 #Your home directory
ssh-keygen -t rsa    #Press enter for all values

For Windows

(Only works if the commit program is capable of using certificates/private & public ssh keys)

1. Use Putty Gen to generate a key
2. Export the key as an open SSH key

Here is a walkthrough on putty gen for the above steps

2. Associate the SSH key with the remote repository

This step varies, depending on how your remote is set up.

• If it is a GitHub repository and you have administrative privileges, go to settings and click 'add SSH key'. Copy the contents of your ~/.ssh/id_rsa.pub into the field labeled 'Key'.

• If your repository is administered by somebody else, give the administrator your id_rsa.pub.

• If your remote repository is administered by your, you can use this command for example:

  scp ~/.ssh/id_rsa.pub YOUR_USER@YOUR_IP:~/.ssh/authorized_keys/id_rsa.pub

3. Set your remote URL to a form that supports SSH ¹

If you have done the steps above and are still getting the password prompt, make sure your repo URL is in the form

git+ssh://[email protected]/username/reponame.git

as opposed to

https://github.com/username/reponame.git

To see your repo URL, run:

git remote show origin

You can change the URL with:

git remote set-url origin git+ssh://[email protected]/username/reponame.git

_{[1] This section incorporates the answer from Eric P}

Permanently authenticating with Git repositories,

Run the following command to enable credential caching.

$ git config credential.helper store
$ git push https://github.com/repo.git

Username for 'https://github.com': <USERNAME>
Password for 'https://[email protected]': <PASSWORD>

---

Use should also specify caching expire,

git config --global credential.helper 'cache --timeout 7200'

After enabling credential caching, it will be cached for 7200 seconds (2 hours).

Note: Credential helper stores an unencrypted password on a local disk.

If you already have your SSH keys set up and are still getting the password prompt, make sure your repo URL is in the form

git+ssh://[email protected]/username/reponame.git

as opposed to

https://github.com/username/reponame.git

To see your repo URL, run:

git remote show origin

You can change the URL with git remote set-url like so:

git remote set-url origin git+ssh://[email protected]/username/reponame.git

Just use --repo option for git push command. Like this:

$ git push --repo https://name:[email protected]/name/repo.git

###Saving Indefinitely You can use the git-credential-store via

git config credential.helper store

which stores your password unencrypted in the file system:

> Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions. If this is not an acceptable security tradeoff, try git-credential-cache, or find a helper that integrates with secure storage provided by your operating system.

###With a Timeout Use the git-credential-cache which by default stores the password for 15 minutes.

git config credential.helper cache

to set a different timeout, use --timeout (here 5 minutes)

git config credential.helper 'cache --timeout=300'

###Secure Saving Indefinitely (OS X and Windows)

> - If you’re using a Mac, Git comes with an “osxkeychain” mode, which caches credentials in the secure keychain that’s attached to your system account. This method stores the credentials on disk, and they never expire, but they’re encrypted with the same system that stores HTTPS certificates and Safari auto-fills. Running the following on the command line will enable this feature: git config --global credential.helper osxkeychain. You'll need to store the credentials in the Keychain using the Keychain app as well. > - If you’re using Windows, you can install a helper called “Git Credential Manager for Windows.” This is similar to the “osxkeychain” helper described above, but uses the Windows Credential Store to control sensitive information. It can be found at https://github.com/Microsoft/Git-Credential-Manager-for-Windows. [emphases mine]

I was using the https link (https://github.com/org/repo.git) instead of the ssh link;

git@github.com:org/repo.git  

Switching solved the problem for me!

Step 1 -

Create SSH keys on your linux system using below command

ssh-keygen -t rsa -b 4096 -C "your_email"

It will ask for passphrase and file name (default will be ~/.ssh/id_rsa, ~/.ssh/id_rsa.pub)

Step 2 -

Once files created add public key id_rsa.pub to github account ssh section.

Step 3 -

On your machine add private key id_rsa to ssh-agent using below command

ssh-add ~/.ssh/id_rsa 

Step 4 -

Now add remote url [email protected]:user_name/repo_name.git to your local git repo using below command.

git remote remove origin
git remote add origin [email protected]:user_name/repo_name.git

Thats it.

On Windows operating system use this instead, this works for me:

https://{Username}:{Password}@github.com/{Username}/{repo}.git

e.g.

git clone https://{Username}:{Password}@github.com/{Username}/{repo}.git

git pull https://{Username}:{Password}@github.com/{Username}/{repo}.git

git remote add origin https://{Username}:{Password}@github.com/{Username}/{repo}.git

git push origin master

Wire your git client to your OS credential store. For example in Windows you bind the credential helper to wincred:

git config --global credential.helper wincred

https://stackoverflow.com/questions/5343068/is-there-a-way-to-skip-password-typing-when-using-https-github

Just wanted to point out something about the solution said above several times:

git config credential.helper store

You can use any command that requires a password after this. You don't have to push. (you can also pull for instance) After that, you won't need to type in your username / password again.

If your PC is secure or you don't care about password security, this can be achieved very simply. Assuming that the remote repository is on GitHub and origin is your local name for the remote repository, use this command

git remote set-url --push origin https://<username>:<password>@github.com/<repo>

The --push flag ensures this changes the URL of the repository for the git push command only. (The question asked in the original post is about git push command only. Requiring a username+password only for push operations is the normal setup for public repositories on GitHub . Note that private repositories on GitHub would also require a username+password for pull and fetch operations, so for a private repository you would not want to use the --push flag ...)

WARNING: This is inherently unsecure because:

1. your ISP, or anyone logging your network accesses, can easily see the password in plain text in the URL;

2. anyone who gains access to your PC can view your password using git remote show origin.

That's why using an SSH key is the accepted answer.

Even an SSH key is not totally secure. Anyone who gains access to your PC can still, for example, make pushes which wreck your repository or - worse - push commits making subtle changes to your code. (All pushed commits are obviously highly visible on GitHub. But if someone wanted to change your code surreptitiously, they could --amend a previous commit without changing the commit message, and then force push it. That would be stealthy and quite hard to notice in practice.)

But revealing your password is worse. If an attacker gains knowledge of your username+password, they can do things like lock you out of your own account, delete your account, permanently delete the repository, etc.

---

Alternatively - for simplicity and security - you can supply only your username in the URL, so that you will have to type your password every time you git push but you will not have to give your username each time. (I quite like this approach, having to type the password gives me a pause to think each time I git push, so I cannot git push by accident.)

git remote set-url --push origin https://<username>@github.com/<repo>

Running the below command solved the problem for me.

git config --global credential.helper wincred

Please refer the below github documentation:

https://help.github.com/articles/caching-your-github-password-in-git/

I used the answer that Pavel suggested and it worked for me. My difference was to do it while I was adding the remote like so: git remote add (alias) https://(name:password)@github.com/(the remote address).git

My Solution on Windows:

1. Right click at directory to push and select "Git Bash Here".
2. ssh-keygen -t rsa (Press enter for all values)
3. Check terminal for: Your public key has been saved in /c/Users/<your_user_name_here>/.ssh/id_rsa.pub
4. Copy public key from specified file.
5. Go to your GitHub profile => Settings => SSH and GPG keys => New SSH key => Paste your SSH key there => Save

As far as I know, there are simply two safe ways: ssh or passwd encrypted using a keystore.

SSH

1. Log in your github;
2. Visit: https://github.com/settings/keys;
3. New SSH key;
4. cat ~/.ssh/id_rsa.pub, paste it there, name and save it (if you have no such file, generate one for yourself by ssh-keygen -t rsa - just Enter for all prompts);
5. Go to your local repository and update your remote by git remote set-url origin git+ssh://[email protected]/username/reponame.git - you can check it first by git remote -v);
6. Here you go, just touch t; git add t; git commit -m "test"; git push and confirm yes to enjoy the password-free world.

passwd ENCRYPTED using a keystore

If you just use git config --global credential.helper store as others mentioned, your unencrypted passwords will be just stored in a plain text under ~/.git-credentials which is not safe as it sounds.

Try to encrypt it as

sudo apt-get install libgnome-keyring-dev
sudo make --directory=/usr/share/doc/git/contrib/credential/gnome-keyring
git config --global credential.helper /usr/share/doc/git/contrib/credential/gnome-keyring/git-credential-gnome-keyring

git config --global credential.helper store

> In this case, you are using https://[email protected]/username/reponame.git.

All this arises because git does not provide an option in clone/pull/push/fetch commands to send the credentials through a pipe. Though it gives credential.helper, it stores on the file system or creates a daemon etc. Often, the credentials of GIT are system level ones and onus to keep them safe is on the application invoking the git commands. Very unsafe indeed.

Here is what I had to work around.

1. Git version (git --version) should be greater than or equal to 1.8.3.

GIT CLONE

For cloning, use "git clone URL" after changing the URL from the format, http://{myuser}@{my_repo_ip_address}/{myrepo_name.git} to http://{myuser}:{mypwd}@{my_repo_ip_address}/{myrepo_name.git}

Then purge the repository of the password as in the next section.

PURGING

Now, this would have gone and

1. written the password in git remote origin. Type "git remote -v" to see the damage. Correct this by setting the remote origin URL without password. "git remote set_url origin http://{myuser}@{my_repo_ip_address}/{myrepo_name.git}"
2. written the password in .git/logs in the repository. Replace all instances of pwd using a unix command like find .git/logs -exec sed -i 's/{my_url_with_pwd}//g' {} ; Here, {my_url_with_pwd} is the URL with password. Since the URL has forward slashes, it needs to be escaped by two backward slashes. For ex, for the URL http://kris:[email protected]/proj.git -> http:\\/\\/kris:[email protected]\\/proj.git

If your application is using Java to issue these commands, use ProcessBuilder instead of Runtime. If you must use Runtime, use getRunTime().exec which takes String array as arguments with /bin/bash and -c as arguments rather then the one which takes a single String as argument.

GIT FETCH/PULL/PUSH

1. set password in the git remote url as : "git remote set_url origin http://{myuser}:{mypwd}@{my_repo_ip_address}/{myrepo_name.git}"
2. Issue the command git fetch/push/pull. You will not then be prompted for the password.
3. Do the purging as in the previous section. Do not miss it.

I recommend using a credential manager to store the Github credentials. Using git config --global credential.helper store is not safe as it stores the Github password in clear text. For Linux, libsecret is an excellent alternative. For Ubuntu and some other linux distributions you can do the following:

Install:

sudo apt-get update
sudo apt install libsecret-1-0 libsecret-1-dev
sudo apt install gnome-keyring

Create

cd /usr/share/doc/git/contrib/credential/libsecret/
Sudo make 

Configure git to store passwords using libsecret

git config --global credentail.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret

Your git credentials will be stored by libsecret after you enter your password once after this setup.

You have to setup a SSH private key, you can review this page, how to do the setup on Mac, if you are on linux the guide should be almost the same, on Windows you would need tool like MSYS.

Appears that, at least when using TortoiseGIT on Windows, it is possible to create the SSH keys and transfer these to the GIT server using simply:

> ssh-keygen.exe
> ssh-copy-id [username]@[GIT_server]

In my case, using SSH, after adding the public key to GitHub, then setting the remote to something like [email protected]/username/reponame.git, as well as permanently adding the private key locally worked. The local commands where:

ssh-add

ssh-add -K

I guess the latter step might be missing for some people.