Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   gitfaq    ( 7 )

Часто задаваемые вопросы об использовании Git (Frequently asked questions about using Git)

Учетные данные (Credentials)

How do I specify my credentials when pushing over HTTP? The easiest way to do this is to use a credential helper via the credential.helper configuration. Most systems provide a standard choice to integrate with the system credential manager. For example, Git for Windows provides the wincred credential manager, macOS has the osxkeychain credential manager, and Unix systems with a standard desktop environment can use the libsecret credential manager. All of these store credentials in an encrypted store to keep your passwords or tokens secure.

In addition, you can use the store credential manager which stores in a file in your home directory, or the cache credential manager, which does not permanently store your credentials, but does prevent you from being prompted for them for a certain period of time.

You can also just enter your password when prompted. While it is possible to place the password (which must be percent-encoded) in the URL, this is not particularly secure and can lead to accidental exposure of credentials, so it is not recommended.

How do I read a password or token from an environment variable? The credential.helper configuration option can also take an arbitrary shell command that produces the credential protocol on standard output. This is useful when passing credentials into a container, for example.

Such a shell command can be specified by starting the option value with an exclamation point. If your password or token were stored in the GIT_TOKEN, you could run the following command to set your credential helper:

$ git config credential.helper \ '!f() { echo username=author; echo "password=$GIT_TOKEN"; };f'

How do I change the password or token I've saved in my credential manager? Usually, if the password or token is invalid, Git will erase it and prompt for a new one. However, there are times when this doesn't always happen. To change the password or token, you can erase the existing credentials and then Git will prompt for new ones. To erase credentials, use a syntax like the following (substituting your username and the hostname):

$ echo url=https://author@git.example.org | git credential reject

How do I use multiple accounts with the same hosting provider using HTTP? Usually the easiest way to distinguish between these accounts is to use the username in the URL. For example, if you have the accounts author and committer on git.example.org, you can use the URLs https://author@git.example.org/org1/project1.git and https://committer@git.example.org/org2/project2.git. This way, when you use a credential helper, it will automatically try to look up the correct credentials for your account. If you already have a remote set up, you can change the URL with something like git remote set-url origin https://author@git.example.org/org1/project1.git (see git-remote(1) for details).

How do I use multiple accounts with the same hosting provider using SSH? With most hosting providers that support SSH, a single key pair uniquely identifies a user. Therefore, to use multiple accounts, it's necessary to create a key pair for each account. If you're using a reasonably modern OpenSSH version, you can create a new key pair with something like ssh-keygen -t ed25519 -f ~/.ssh/id_committer. You can then register the public key (in this case, ~/.ssh/id_committer.pub; note the .pub) with the hosting provider.

Most hosting providers use a single SSH account for pushing; that is, all users push to the git account (e.g., git@git.example.org). If that's the case for your provider, you can set up multiple aliases in SSH to make it clear which key pair to use. For example, you could write something like the following in ~/.ssh/config, substituting the proper private key file:

# This is the account for author on git.example.org. Host example_author HostName git.example.org User git # This is the key pair registered for author with git.example.org. IdentityFile ~/.ssh/id_author IdentitiesOnly yes # This is the account for committer on git.example.org. Host example_committer HostName git.example.org User git # This is the key pair registered for committer with git.example.org. IdentityFile ~/.ssh/id_committer IdentitiesOnly yes

Then, you can adjust your push URL to use git@example_author or git@example_committer instead of git@example.org (e.g., git remote set-url git@example_author:org1/project1.git).