40

While following a git tutorial, I've made my first push over https today to a remote on git hub, the tutorial mentions the following command to avoid having to keep typing in password details:

git config --global credential.helper wincred

My question is how is this working as a concept? it is the first time I have come across a credential helper. I'm not sure how it works with Windows and Git, where is it being stored and how does it authenticate when I push or pull?

I've tried to search for this online but haven't found any information that explains this in a simple way for someone who is a beginner.

j obe
  • 1,386
  • 2
  • 13
  • 20

3 Answers3

35

If you use wincred for credential.helper, git is using the standard windows Credential Manager to store your credentials.

You can view the Credential Manager from your Control Panel settings.

enter image description here

Gauthaman Sahadevan
  • 883
  • 1
  • 11
  • 18
  • 2
    Thanks @gauthaman I haven't come across credential manager before, so if 2 different people were to use git for windows on the same machine, would they have 2 separate sets of credentials saved? there wouldn't be any chance of mixing up happening? – j obe Jul 12 '16 at 22:44
  • @jobe Not an issue, separate storage and each users separate cert keys secure them – HerbM Nov 10 '18 at 00:22
  • 3
    **Note:** The credentials are stored as "Generic credentials" and typically start with `git:https//...` If you change your Windows password, I recommend to delete those entries and then run `git config --global credential.helper wincred` from the Git console again. Make sure to close and reopen related apps (e.g. Visual Studio) after you've done that. – Matt Apr 11 '19 at 08:22
4

See the MSDN documentation for Windows credential management. The git interface to this just uses the provided API to store your credentials securely. Functions like CredEnumerate and CredWrite get used to check the stored credentials and add or update them.

patthoyts
  • 30,898
  • 3
  • 60
  • 89
  • 1
    Sorry, I looked at the docs but as a beginner I felt it still wasn't very clear in helping me understand. – j obe Jul 12 '16 at 23:17
2

I ran into this recently as well. I kept getting 'unauthorized' to a repository that my standard GitHub account had no problems pulling. It WAS a private repository of course.

So at a top level:

You can either do say a git clone via:

git clone httpS://user:password@githib.com/org/repo.git

Of course, it's a pain every time (and not documented in the git intro pages)

Or, git CLI can store your user name/password in a secure, encrypted store called the Windows Credential Store. This is what you told git to do when you entered git config --global credential.helper wincred.

Then you just do

git clone httpS://githib.com/org/repo.git

and it magically works, using your stored credentials. When Git notices it's a private repository, instead of prompting for user name/password, it goes to the Windows Credential Store and gets your username/password, and uses that. It transmits over https in a secure manner. I'm stressing httpS to show that this only works over https, but if you click the 'copy' command on a Git repository, https is the default.

In theory, git SHOULD prompt you for a user name and password if you omit them, and your user name/password weren't stored; and then store them for subsequent uses. In my case, it didn't. Read on for the fix.

Where is it stored?

Click on "Start" then type "Cred" and go to the Windows Credential Manager.

Then click on "Windows Credentials."

enter image description here

There may be a github entry in the middle of all of the stuff. (This is a good chance to review stored passwords!) In my case, I had the git entry, and I swear I haven't changed the password in ages, but all I had to do was reenter the password and then git clone worked fine with my user name as specified.

To validate where you are set, type

git config --list
http.sslcainfo=C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt
http.sslbackend=openssl
... lots of stuff
credential.helper=manager
.... this is important:
user.name=John Q. Public
user.email=example@users.noreply.github.com
winupdater.recentlyseenversion=2.25.0.windows.1
.... more stuff
credential.helper=wincred

I tried to sanitize the juicy bits. You can validate the last line with the CLI command that you entered. To find where "wincred" is, follow the steps above the picture.

Dharman
  • 26,923
  • 21
  • 73
  • 125
J. Gwinner
  • 178
  • 2
  • 10