How can I save username and password in Git to avoid credential prompts?
I want to use Git push and pull operations automatically in Git Extensions, Sourcetree, or any other Git GUI without having to enter my username and password in a prompt every time. How can I save my credentials in Git for seamless authentication?
Git provides several secure methods to save credentials and avoid repetitive authentication prompts, with Git Credential Manager being the most recommended approach for Windows and macOS users, while SSH key authentication offers a robust alternative for all platforms. You can configure credential helpers, use SSH keys, or implement token-based authentication to enable seamless Git operations in GUI tools like Git Extensions and Sourcetree.
Contents
- Understanding Git Credential Management
- Using Git Credential Manager
- Configuring Credential Helpers
- SSH Key Authentication
- HTTPS with Token Authentication
- GUI-Specific Solutions
- Security Considerations
Understanding Git Credential Management
Git credential management is the process of storing and retrieving authentication information for remote repositories. When you interact with remote repositories using commands like git push, git pull, or git fetch, Git needs to authenticate your identity. Rather than prompting for credentials every time, Git can store them securely for future use.
Git uses a credential helper system to manage authentication. A credential helper is a program that stores and retrieves credentials for Git. When Git needs credentials, it invokes the configured helper, which can save, retrieve, or erase credentials as needed.
The main credential storage methods include:
- Git Credential Manager (recommended for Windows and macOS)
- Credential helpers like
store,cache, andosxkeychain - SSH key authentication (no password storage required)
- Personal access tokens (for services like GitHub, GitLab)
Each method offers different levels of security and convenience, making it important to choose the right approach for your workflow.
Using Git Credential Manager
Git Credential Manager (GCM) is the modern, recommended approach for Windows and macOS users. It provides secure credential storage with integration into your system’s credential vault.
Installation and Setup
For Windows users, GCM is typically installed automatically with Git for Windows. For macOS, you can install it via Homebrew:
brew install git-credential-manager-core
Basic Configuration
Once installed, configure Git to use GCM:
git config --global credential.helper manager
First-Time Authentication
When you first perform a Git operation that requires authentication, GCM will prompt you for your username and password. After entering them, GCM will securely store them in your system’s credential store.
Windows-Specific Features
On Windows, GCM integrates with Windows Credential Manager and supports:
- Windows Hello for biometric authentication
- Azure Active Directory authentication
- GitHub authentication with single sign-on
macOS-Specific Features
On macOS, GCM integrates with the Keychain and supports:
- Touch ID for biometric authentication
- System Keychain for secure storage
- macOS Keychain Access for credential management
Cross-Platform Support
GCM also works on Linux and can be installed via package managers:
# Ubuntu/Debian
sudo apt-get install git-credential-manager-core
# Fedora/RHEL
sudo dnf install git-credential-manager-core
The Git Credential Manager provides comprehensive documentation and cross-platform support.
Configuring Credential Helpers
Git supports several built-in credential helpers that offer different storage mechanisms and security levels.
Git Credential Store
The store helper saves credentials in plain text in a file. While convenient, this method is less secure as credentials are stored in plaintext.
git config --global credential.helper store
Credentials are stored in ~/.git-credentials file. The format is:
https://username:password@github.com
Git Credential Cache
The cache helper stores credentials in memory for a limited time (15 minutes by default).
git config --global credential.helper "cache --timeout=3600"
This sets the cache timeout to 1 hour. Credentials are lost when the system restarts or the cache expires.
macOS Keychain Helper
On macOS, use the built-in Keychain integration:
git config --global credential.helper osxkeychain
This stores credentials in the macOS Keychain, which is encrypted and protected by your user password.
Linux Keychain Integration
For Linux distributions that support libsecret:
git config --global credential.helper libsecret
Or use GNOME Keychain:
git config --global credential.helper gnome-keyring
Windows Credential Manager
On Windows, you can use the built-in Windows Credential Manager:
git config --global credential.helper manager-core
Or the legacy Windows Credential Manager:
git config --global credential.helper wincred
The Git documentation on credential helpers provides detailed information about each helper and their security characteristics.
SSH Key Authentication
SSH key authentication is one of the most secure methods for Git authentication, as it doesn’t require storing passwords at all.
Generating SSH Keys
If you don’t have an SSH key pair, generate one:
ssh-keygen -t ed25519 -C "your_email@example.com"
For older systems that don’t support Ed25519, use RSA:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Copying Public Key to Remote Service
Copy your public key to your Git hosting service:
# Display public key
cat ~/.ssh/id_ed25519.pub
# Or copy to clipboard
clip < ~/.ssh/id_ed25519.pub
Add this public key to your GitHub/GitLab account under SSH keys.
Configuring SSH URLs
Change your remote repository URLs from HTTPS to SSH:
git remote set-url origin git@github.com:username/repository.git
SSH Agent Configuration
Start SSH agent and add your key:
# Start SSH agent
eval "$(ssh-agent -s)"
# Add key to agent
ssh-add ~/.ssh/id_ed25519
For automatic key loading, configure SSH agent in your shell profile:
# ~/.bashrc or ~/.zshrc
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
SSH Config File
Create or edit ~/.ssh/config:
Host github.com
HostName github.com
User git
IdentityFile ~/.ssh/id_ed25519
IdentitiesOnly yes
As the OpenSSH documentation explains, SSH keys provide strong authentication without requiring password storage.
HTTPS with Token Authentication
Many Git hosting services support personal access tokens (PATs) as an alternative to passwords.
Generating Personal Access Tokens
For GitHub:
- Go to Settings > Developer settings > Personal access tokens
- Generate a new token with appropriate scopes
- Copy the token immediately (you won’t see it again)
Configuring Git to Use Tokens
Instead of your password, use the token when prompted:
git push Username: your_username Password: your_personal_access_token
To store the token permanently using a credential helper:
git config --global credential.helper store
Then the next time Git prompts for credentials, enter:
Username: your_username
Password: your_personal_access_token
Token Best Practices
- Scope tokens appropriately (minimal permissions)
- Regularly rotate tokens for security
- Never commit tokens to version control
- Use environment variables for automation:
export GITHUB_TOKEN=your_token_here
git config --global credential.helper '!f() { echo "username=${GITHUB_USERNAME}"; echo "password=${GITHUB_TOKEN}"; }; f'
The GitHub documentation on personal access tokens provides detailed guidance on token management.
GUI-Specific Solutions
Different Git GUI tools have their own credential management approaches.
Git Extensions
Git Extensions uses Windows Credential Manager by default. To configure:
- Open Git Extensions
- Go to Settings > Git
- Set Credential Manager to “Windows Credential Manager”
- For Linux/macOS, configure Git Credential Manager
Sourcetree
Sourcetree handles credentials through its own credential management:
- Go to Tools > Options
- Select the “Authentication” tab
- Configure credential storage preferences
- You can also use Git Credential Manager with Sourcetree
Visual Studio Code
VS Code integrates with Git’s credential helpers:
# Configure VS Code to use Git Credential Manager
git config --global credential.helper manager
Other GUI Tools
Most modern Git GUI tools integrate with Git Credential Manager or use the system’s credential store. Check your specific tool’s documentation for credential management options.
The Atlassian documentation on Git credential management provides additional insights for GUI-based workflows.
Security Considerations
When implementing credential management, security should be your primary concern.
Security Levels by Method
| Method | Security Level | Convenience | Best For |
|---|---|---|---|
| SSH Keys | Highest | High | Security-conscious users |
| Git Credential Manager | High | Very High | Most users (Windows/macOS) |
| macOS Keychain | High | High | macOS users |
| Windows Credential Manager | High | High | Windows users |
| Linux Keychain | High | High | Linux users |
| Cache | Medium | Medium | Temporary work |
| Store | Low | High | Development only |
Security Best Practices
- Never use plain text storage in production environments
- Use SSH keys when possible for enhanced security
- Regularly rotate personal access tokens
- Enable two-factor authentication for your Git hosting service
- Use credential managers that integrate with system security features
- Avoid committing credentials to version control
- Use environment variables for automation in CI/CD pipelines
Monitoring and Maintenance
Regularly review your stored credentials:
# Check stored credentials
git credential-cache exit
git credential-store --list
# For Git Credential Manager
# Check Windows/macOS system keychain
As the Git Security documentation emphasizes, proper credential management is essential for maintaining both security and productivity in Git workflows.
Sources
- Git Credential Manager Core Documentation
- Git Documentation - Credential Storage
- GitHub Documentation - Personal Access Tokens
- OpenSSH Documentation
- Atlassian Git Tutorials - Credential Management
- Git Security - Credentials
Conclusion
- Git Credential Manager is the recommended approach for most users, providing secure storage with system integration and biometric support on Windows and macOS.
- SSH key authentication offers the highest security level by eliminating password storage entirely and is ideal for security-conscious developers.
- Personal access tokens provide a good balance of security and convenience when working with Git hosting services like GitHub and GitLab.
- Always match your credential management method to your security requirements and workflow preferences.
- Regular maintenance and credential rotation are essential for maintaining security in your Git operations.
- For GUI tools like Git Extensions and Sourcetree, configure them to use your preferred credential manager for seamless authentication.