How to configure gcm so that you need to enter a password every session? #2359
-
|
I would like to store some of my credentials on git credential manager, but I would like it so that, similarly to ssh when I want to decrypt my private key right before a connection, I can enter my password to decrypt it temporarially just for the connection, I would like something similar for gcm, for like a server multiple people have access too and so only i can use it and/or to add extra security to my own servers. If this is not possibly i might suggest a feature for it. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
|
GCM does not really have a “decrypt once per shell login” mode like an SSH private key workflow. The closest built-in options are: # Do not persist credentials through GCM at all
git config --global credential.credentialStore noneor, on macOS/Linux, use Git's in-memory credential cache with a timeout: git config --global credential.credentialStore cache
git config --global credential.cacheOptions "--timeout 3600"That stores the credential only in Git's cache process for the timeout period. The default timeout documented by GCM is 900 seconds; the example above makes it 1 hour. For a shared server, I would avoid any durable store unless each person has a separate OS user account. Do not put this in If credentials are already saved, remove them first, otherwise GCM may keep returning the old stored value: git credential-manager erase
If you specifically want encrypted files on disk plus a passphrase prompt, the |
Beta Was this translation helpful? Give feedback.
-
|
@krotname I will look into the things you mentioned to try and provide at the very least a temporary solution, would it be worth opening a feature request so this sort of thing is more accessible? |
Beta Was this translation helpful? Give feedback.
GCM does not really have a “decrypt once per shell login” mode like an SSH private key workflow.
The closest built-in options are:
# Do not persist credentials through GCM at all git config --global credential.credentialStore noneor, on macOS/Linux, use Git's in-memory credential cache with a timeout:
git config --global credential.credentialStore cache git config --global credential.cacheOptions "--timeout 3600"That stores the credential only in Git's cache process for the timeout period. The default timeout documented by GCM is 900 seconds; the example above makes it 1 hour.
For a shared server, I would avoid any durable store unless each person has a separate OS user account. Do n…