Page History

...

You already have a Git credential manager in Keychain, there is nothing to install or configure.

GNU/Linux

GNOME

On GNU/Linux the recommended setup is to use libsecret and the "libsecret credential helper" in order to use GNOME Keyring as the Git credential manager. If you are using a desktop environment or distribution without support for GNOME Keyring, please see the "Manual" Other section.

Fedora

Fedora 29 and 30 (the only two currently supported versions of Fedora) comes with libsecret and GNOME Keyring installed by default. When you install the git package you also get the libsecret credential helper installed. To configure git to use the libsecret credential helper run:

...

sudo dnf install seahorse

Ubuntu

Ubuntu 19.04 and 18.04.2 (LTS) (the only two currently supported versions of desktop Ubuntu) comes with libsecret and GNOME Keyring installed by default. Unfortunately even if you install the Git package you will not get a binary version of the libsecret credential helper installed (you only get the source). This means you have to compile the libsecret credential helper yourself. This is easy to do, it just requires two extra commands:

...

$ sudo apt install seahorse

...

Other

If you are using a desktop environment or distribution without support for GNOME Keyring, or if you want to use your own scheme for storing the PAT, then that is also supported. You can store non-sensitive data such as your username and the URL of the Git source code hosting provider in your ~/.gitconfig file in the "credential" section:

[credential "https://github.com"]
username = foobarYOUR-GITHUB-USERNAME

For the PAT itself, all Skara tools interacting with an external Git source code hosting provider's API supports the GIT_TOKEN environment variable. This means that instead of storing your PAT in a secure way in a Git credential manager you will have to secure the PAT according to your security requirements. The following sections give a few examples on how to secure the PAT depending your security needs.

GPG

You can use GnuPG (GPG) to store your PAT in an encrypted file. The file can be encrypted either using a GPG key or using a passphrase. If you have a GPG key you probably already know how to encrypt a file with it, so we will only cover encrypting using a passphrase here. To encrypt the PAT in a file using a passphrase, run the following command (replacing <PAT> with your personal access token):

$ echo '<PAT>' | gpg --symmetric -o ~/pat.gpg
Enter passphrase:
Repeat passphrase:

When using applicable Skara CLI tools it e.g. encrypted on disk using gpg and then set the GIT_TOKEN environment variable to the decrypted value when , for example:

GIT_TOKEN=$(gpg --decrypt ~/pat.gpg) git pr list

age

You can use age to store you PAT in an encrypted file. To encrypt the file using a passphrase, run the following command (replacing <PAT> with your personal access token):

$ echo '<PAT>' | age --passphrase > ~/pat.age 

When using applicable Skara tools. For CLI tools set the GIT_TOKEN environment variable to the decrypted value, for example:

$ GIT_TOKEN=$(gpgage --decrypt ~/pat.gpgage) git pr list

File Permissions

A non-secure way to restrict access to your PAT is to store it in plain-text but accessible read-only to the current user. To store your PAT, run the following commands (replacing <PAT> with your personal access token):

$ echo '<PAT>' > ~/pat.txt
$ chmod 0400 ~/pat.txt

When using applicable Skara CLI tools set the GIT_TOKEN environment variable:

$ GIT_TOKEN=$(cat ~/pat.txt) git pr list

Creating a Personal Access Token

...