git-credential-cache

Store Git credentials for a specific amount of time

$ git config credential.helper 'cache --timeout=[time_in_seconds]'

git-credential-cache [--timeout ] [--socket ]
(Note: git-credential-cache is usually invoked by Git itself, not directly by users.)

--timeout <seconds>
    Specifies the duration (in seconds) for which credentials will be cached. After this period, the credentials expire and Git will prompt again. The default is 900 seconds (15 minutes).

--socket <path>
    Defines the Unix domain socket path used for communication with the cache daemon. This allows multiple processes to share the same cache instance. If not specified, a default path in the user's temporary directory is used.

git-credential-cache is a Git credential helper that temporarily stores credentials in memory for a specified duration, typically to avoid repeatedly prompting the user for authentication. When Git needs credentials (e.g., for `http(s)` or `ftp` operations), it invokes configured credential helpers. If git-credential-cache is configured, it will intercept the credentials after the first successful authentication and store them in a daemon process running in the background. For subsequent requests within the configured timeout period, it will provide the cached credentials, eliminating the need for the user to re-enter their username and password or token.

The default timeout is 15 minutes (900 seconds). This helper significantly improves the user experience during a typical Git working session by reducing authentication friction. The credentials are held in plaintext within the daemon's memory, making it important to understand the security implications, though the short-lived nature of the cache mitigates most persistent risks.

Security Implications: Credentials are held in plain text within the memory of the git-credential-cache--daemon process. While the short timeout period reduces the risk of long-term exposure, an attacker with access to the system's memory or the ability to inspect running processes could potentially retrieve these credentials during the active caching period.

Daemon Process: The helper operates by launching a background daemon process (git-credential-cache--daemon) that manages the cache. This daemon remains active until the cache expires or it is explicitly told to exit.

Shared Cache: All Git repositories on the system (or within the user's environment) that are configured to use git-credential-cache will share the same credential cache instance, potentially leading to conflicts if different repositories require different credentials for the same remote URL.

To enable git-credential-cache for your repositories, you typically configure it using Git's configuration system:
git config --global credential.helper cache
This command adds `cache` to your global credential helpers. You can also specify a timeout:
git config --global credential.helper 'cache --timeout=3600'

To manually clear the cached credentials and stop the daemon process, you can run:
git credential-cache exit
This command signals the running daemon to terminate and clear its stored credentials.

When Git needs credentials, it launches the configured git-credential-cache helper. The helper then communicates with a background daemon process (git-credential-cache--daemon) via a Unix domain socket (or equivalent on Windows). The daemon handles the actual storage, retrieval, and expiration of credentials.

The git-credential-cache helper was introduced as part of Git's broader credential management system, designed to make authentication more convenient for users without storing sensitive information persistently on disk (unlike git-credential-store). It was developed to address the common pain point of repeated password prompts during intensive Git usage, offering a balanced approach between convenience and security by keeping credentials in memory only for a limited duration. Its implementation reflects the evolving needs for secure and user-friendly authentication in distributed version control.

git-credential(7), git-credential-store(1), git-config(1)