8

I have 2 github accounts (work & personal) for which I want to store credentials in my Windows 10 (in secure way).

git config --global credential.helper manager command sets only single username & password which conflicts between personal repo and work repo in my machine. Both repo are cloned using HTTPS.

I want to store and access different credentials probably based on repo username. Is it possible?

I know SSH is an option but I would like to know the way for HTTPS.

GorvGoyl
  • 33,155
  • 24
  • 179
  • 178

4 Answers4

8

Username in URL

On Bitbucket, you can add a username to the HTTPS url of your remote:

  • use: https://JerryGoyal@bitbucket.org/path/repo.git
  • instead of: https://bitbucket.org/path/repo.git

Since the url is technically different, you can add both your work and personal forks as remotes for the same repository if you want to. Issue #749 for the legacy Git Credential Manager suggests that the username-in-url technique works on GitHub as well, but other repo hosts may not support it.

Set useHttpPath

More generally, you can use credential.useHttpPath to split credential management for multiple repositories run by the same host. The quote below from the legacy Git Credential Manager documentation includes CLI for setting it on bitbucket.com, but you can modify for your own purposes or take a look at the longer example text in the newer GCM Core docs.

useHttpPath

Instructs Git to supply the path portion of the remote URL to credential helpers. When path is supplied, the GCM will use the host-name + path as the key when reading and/or writing credentials.

Note: This option changes the behavior of Git.

Supports true or false. Defaults to false.

git config --global credential.bitbucket.com.useHttpPath true

As rjmunro notes in the comments, you can drop --global to use the path for only the current repo. If so, you may as well drop the hostname, too:

git config credential.useHttpPath true

This second method does not help if you want to log into the exact same repo with different credentials on a whim. (See GCM #363.)

Michael
  • 7,248
  • 5
  • 56
  • 81
  • my expectation is to remember both usernames and password in a secure way. if I use useHttpPath I'm being asked for a password each time. – GorvGoyl Sep 17 '18 at 07:22
  • 1
    Presumably you could drop the '--global' if it was only a single repository that you wanted to use a separate login for. – rjmunro Jan 21 '20 at 11:47
1

You could do it with a different helper e.g. git-credential-store which takes an optional parameter for a credential file path. You could set this in local config in each repo, with a different credentials file for each repository.

Alternatively use the suggestion in the link in @phd's comment which should work for Git Credential Manager For Windows

rbennett485
  • 1,576
  • 13
  • 21
  • I specifically asked for a secured way. git-credential-store save passwords in plain text! – GorvGoyl Sep 11 '18 at 09:25
  • If you think Git Credential Manager for Windows doesn't also store them in plaintext then you're in for a surprise ;) – rbennett485 Sep 11 '18 at 11:25
  • oh is it! then tell me how to see password which is stored using manager? https://github.com/Microsoft/Git-Credential-Manager-for-Windows – GorvGoyl Sep 11 '18 at 12:08
  • [cmdkey](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmdkey) lets you do it on the command line, or there's a [programmatic api](https://docs.microsoft.com/en-us/windows/desktop/api/wincred/) if you're a glutton for punishment – rbennett485 Sep 11 '18 at 14:23
  • 1
    did u actually try cmdkey? they clearly say on page that "Passwords will not be displayed once they are stored." – GorvGoyl Sep 12 '18 at 06:07
  • My bad, I'm on mobile and didn't check. Have used CredRead from the api though, or you can also use [git credential fill](https://git-scm.com/docs/git-credential) on the command line. You have to provide some args on stdin, and you have to do it on cygwin as it doesn't like Windows line endings, and that will print your password on the console. It's all just security through obscurity :( – rbennett485 Sep 12 '18 at 06:51
1

More generally, you can use credential.useHttpPath to split credential management for multiple repositories run by the same host. []

In that case, use Git 2.27 (Q2 2020), because the parsing of URL for the credential helper has been corrected.

See commit 4c5971e (14 Apr 2020) by Jeff King (peff).
(Merged by Junio C Hamano -- gitster -- in commit a397e9c, 22 Apr 2020)

credential: treat "?" and "#" in URLs as end of host

Signed-off-by: Jeff King

It's unusual to see:

https://example.com?query-parameters

without an intervening slash, like:

https://example.com/some-path?query-parameters

or even:

https://example.com/?query-parameters

but it is a valid end to the hostname (actually "authority component") according to RFC 3986. Likewise for "#".

And curl will parse the URL according to the standard, meaning it will contact example.com, but our credential code would ask about a bogus hostname with a "?" in it.

Let's make sure we follow the standard, and more importantly ask about the same hosts that curl will be talking to.

It would be nice if we could just ask curl to parse the URL for us.
But it didn't grow a URL-parsing API until 7.62, so we'd be stuck with fallback code either way.
Plus we'd need this code in the main Git binary, where we've tried to avoid having a link dependency on libcurl.

But let's at least fix our parser. Moving to curl's parser would prevent other potential discrepancies, but this gives us immediate relief for the known problem, and would help our fallback code if we eventually use curl.

With Git 2.35 (Q1 2022), credentials and other variable value benefit from the latest of RFC 3986: treat "_" as any other URL-valid characters in an URL when matching the per-URL configuration variable names.

See commit e4c497a (12 Oct 2021) by Jeff King (peff).
(Merged by Junio C Hamano -- gitster -- in commit 96eca02, 29 Nov 2021)

urlmatch: add underscore to URL_HOST_CHARS

Reported-by: Alex Waite
Signed-off-by: Jeff King

When parsing a URL to normalize it, we allow hostnames to contain only dot (".") or dash ("-"), plus brackets and colons for IPv6 literals.
This matches the old URL standard in RFC 1738, which says:

host           = hostname | hostnumber
hostname       = *[ domainlabel "." ] toplabel
domainlabel    = alphadigit | alphadigit *[ alphadigit | "-" ] alphadigit

But this was later updated by RFC 3986, which is more liberal:

host        = IP-literal / IPv4address / reg-name
reg-name    = *( unreserved / pct-encoded / sub-delims )
unreserved  = ALPHA / DIGIT / "-" / "." / "_" / "~"

While names with underscore in them are not common and possibly violate some DNS rules, they do work in practice, and we will happily contact them over http://, git://, or ssh://.
It seems odd to ignore them for purposes of URL matching, especially when the URL RFC seems to allow them.

There shouldn't be any downside here.
It's not a syntactically significant character in a URL, so we won't be confused about parsing; we'd have simply rejected such a URL previously (the test here checks the url code directly, but the obvious user-visible effect would be failing to match credential.http://foo_bar.example.com.helper, or similar config in http.<url>.*).

Arguably we'd want to allow tilde ("~") here, too.
There's likewise probably no downside, but I didn't add it simply because it seems like an even less likely character to appear in a hostname.

VonC
  • 1,129,465
  • 480
  • 4,036
  • 4,755
-5

You can't have multiple usernames per host (or URI). As far as I know, SSH is the most straight-forward, as it currently stands, to do what you want to do.

For more information, you can look at VonC's answer to a very similar question as yours. GitHub: Separate credentials for two accounts on Windows

dgarg
  • 26
  • 5