git-credential-store

Store Git credentials in a specific file

$ git config credential.helper 'store --file=[path/to/file]'

git credential-store
This helper is invoked by Git itself, not typically by the user directly. Git communicates with it via standard input and output.
The --file option for specifying the credentials file path is usually configured via git config.

get
    Instructs the helper to retrieve credentials for a given URL. Git provides the URL and other information on stdin, and expects credentials on stdout if found.

store
    Instructs the helper to store credentials. Git provides the credentials (protocol, host, username, password, etc.) on stdin for the helper to save.

erase
    Instructs the helper to erase stored credentials for a given URL. Git provides the URL on stdin.

--file=<path>
    (Configured via git config) Specifies the file path where credentials are stored. Defaults to a standard location (e.g., ~/.git-credentials). This is typically set using git config credential.store.file <path> rather than as a command-line argument to the helper.

git-credential-store is a Git credential helper that saves and retrieves authentication credentials (like usernames and passwords) for Git repositories. It works by writing these credentials to a plain-text file on the local filesystem. This helper is commonly used to avoid repeatedly typing credentials when interacting with remote HTTP/HTTPS repositories. When Git needs credentials, it asks configured helpers; git-credential-store will look up the credentials in its file. When Git successfully authenticates, it can provide the credentials to git-credential-store to save them for future use. While convenient for persistence, its primary drawback is storing sensitive information unencrypted, making it a security risk if the file system is not adequately secured.

git-credential-store stores sensitive authentication credentials in a plain-text file. This poses a significant security risk as anyone with read access to this file can access the credentials. It is not recommended for use on shared systems or in environments where the filesystem's security cannot be guaranteed. Consider using more secure credential helpers like osxkeychain or wincred on supported platforms, or cache for short-term in-memory storage, if plain-text storage is a concern.

To enable git-credential-store, you typically configure Git using git config.
First, set the helper globally: git config --global credential.helper store
Optionally, you can specify a custom file path for storing credentials:
git config --global credential.store.file ~/.my-custom-credentials
Once configured, Git will automatically use this helper to save new credentials after a successful push/pull and retrieve them when needed, eliminating the need for manual entry.

The git-credential-store file is a plain-text file where each line represents a set of credentials for a specific URL. The format is a URL with key-value pairs appended as query parameters. For example:
https://user:password@example.com
or more explicitly:
protocol=https
host=example.com
username=user
password=password
This simple format makes it easy to inspect (though not recommended for security reasons) and parse.

The Git credential helper mechanism was introduced to address the problem of repeatedly entering authentication details for remote repositories. git-credential-store emerged as one of the simplest and most portable implementations, providing basic persistence by writing credentials to a flat file. Its design prioritizes simplicity and broad compatibility across different operating systems, despite the inherent security trade-off of storing sensitive information unencrypted. It has been a standard helper since its introduction as part of the broader credential management framework in Git.

git(1), git-credential(7), git-config(1), git-credential-cache(1), git-credential-osxkeychain(1), git-credential-wincred(1)