From 177681a07ea1c486b41db666b67c2fabd3c5a1d8 Mon Sep 17 00:00:00 2001 From: Jeff King Date: Fri, 1 May 2020 03:33:11 -0400 Subject: [PATCH] gitcredentials(7): make shell-snippet example more realistic There's an example of using your own bit of shell to act as a credential helper, but it's not very realistic: - It's stupid to hand out your secret password to _every_ host. In the real world you'd use the config-matcher to limit it to a particular host. - We never provided a username. We can easily do that in another config option (you can do it in the helper, too, but this is much more readable). - We were sending the secret even for store/erase operations. This is OK because Git would just ignore it, but a real system would probably be unlocking a password store, which you wouldn't want to do more than necessary. Signed-off-by: Jeff King Signed-off-by: Junio C Hamano --- Documentation/gitcredentials.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt index 8127dfcd2fbb5b..0d0f7149bd04ce 100644 --- a/Documentation/gitcredentials.txt +++ b/Documentation/gitcredentials.txt @@ -233,8 +233,9 @@ Here are some example specifications: helper = "/path/to/my/helper --with-arguments" # or you can specify your own shell snippet -[credential] - helper = "!f() { echo \"password=$(cat $HOME/.secret)\"; }; f" +[credential "https://example.com"] + username = your_user + helper = "!f() { test \"$1\" = get && echo \"password=$(cat $HOME/.secret)\"; }; f" ---------------------------------------------------- Generally speaking, rule (3) above is the simplest for users to specify.