linux - How secure is storing password with Git?

Question

I use the Git on my workplace and company policy doesn't allow me to store passwords in unsecure way. Is there any better option than using git config credential.helper store for storing password to the Git server?

P.S. Can't use key-authentication as it's not allowed on our server.

Answer 1

git config credential.helper store is not very secure; as it said in documentation:

Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions

The ~/.git-credentials file will have its filesystem permissions set to prevent other users on the system from reading it, but will not be encrypted or otherwise protected.

So it stores your password as is. Git allows to use your keychain git config --global credential.helper osxkeychain for OSX, so it seems to be more secure. For Linux system you may use git config credential.helper cache, which stores passwords in your memory. Or you can write your own as it said in git help credentials:

You can write your own custom helpers to interface with any system in which you keep credentials. See the documentation for Git's credentials API for details

Besides, @VonC pointed to the cross-platform GPG-based solution. See also this question about .netrc file.

There is also gnome-keyring helper for Linux (thanks to @jazakmeister for advice)