How do I specify my credentials when pushing over HTTP?
The easiest way to do this is to use a credential helper via
the credential.helper configuration. Most systems provide a
standard choice to integrate with the system credential
manager. For example, Git for Windows provides the wincred
credential manager, macOS has the osxkeychain credential
manager, and Unix systems with a standard desktop environment
can use the libsecret credential manager. All of these store
credentials in an encrypted store to keep your passwords or
tokens secure.
In addition, you can use the store credential manager which
stores in a file in your home directory, or the cache
credential manager, which does not permanently store your
credentials, but does prevent you from being prompted for
them for a certain period of time.
You can also just enter your password when prompted. While it
is possible to place the password (which must be
percent-encoded) in the URL, this is not particularly secure
and can lead to accidental exposure of credentials, so it is
not recommended.
How do I read a password or token from an environment variable?
The credential.helper configuration option can also take an
arbitrary shell command that produces the credential protocol
on standard output. This is useful when passing credentials
into a container, for example.
Such a shell command can be specified by starting the option
value with an exclamation point. If your password or token
were stored in the GIT_TOKEN, you could run the following
command to set your credential helper:
$ git config credential.helper \
'!f() { echo username=author; echo "password=$GIT_TOKEN"; };f'
How do I change the password or token I've saved in my credential
manager?
Usually, if the password or token is invalid, Git will erase
it and prompt for a new one. However, there are times when
this doesn't always happen. To change the password or token,
you can erase the existing credentials and then Git will
prompt for new ones. To erase credentials, use a syntax like
the following (substituting your username and the hostname):
$ echo url=https://author@git.example.org | git credential reject
How do I use multiple accounts with the same hosting provider
using HTTP?
Usually the easiest way to distinguish between these accounts
is to use the username in the URL. For example, if you have
the accounts author and committer on git.example.org, you can
use the URLs https://author@git.example.org/org1/project1.git
and https://committer@git.example.org/org2/project2.gitgit remote set-url origin
https://author@git.example.org/org1/project1.git (see
git-remote(1) for details).
How do I use multiple accounts with the same hosting provider
using SSH?
With most hosting providers that support SSH, a single key
pair uniquely identifies a user. Therefore, to use multiple
accounts, it's necessary to create a key pair for each
account. If you're using a reasonably modern OpenSSH version,
you can create a new key pair with something like ssh-keygen
-t ed25519 -f ~/.ssh/id_committer. You can then register the
public key (in this case, ~/.ssh/id_committer.pub; note the
.pub) with the hosting provider.
Most hosting providers use a single SSH account for pushing;
that is, all users push to the git account (e.g.,
git@git.example.org). If that's the case for your provider,
you can set up multiple aliases in SSH to make it clear which
key pair to use. For example, you could write something like
the following in ~/.ssh/config, substituting the proper
private key file:
# This is the account for author on git.example.org.
Host example_author
HostName git.example.org
User git
# This is the key pair registered for author with git.example.org.
IdentityFile ~/.ssh/id_author
IdentitiesOnly yes
# This is the account for committer on git.example.org.
Host example_committer
HostName git.example.org
User git
# This is the key pair registered for committer with git.example.org.
IdentityFile ~/.ssh/id_committer
IdentitiesOnly yes
Then, you can adjust your push URL to use git@example_author
or git@example_committer instead of git@example.org (e.g.,
git remote set-url git@example_author:org1/project1.git).
