Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better documentation on git credential-manager store #1683

Open
KirillOsenkov opened this issue Aug 8, 2024 · 8 comments
Open

Better documentation on git credential-manager store #1683

KirillOsenkov opened this issue Aug 8, 2024 · 8 comments
Labels
docs Documentation changes

Comments

@KirillOsenkov
Copy link

We are in a CI environment and can't use UI. We obtain a token for auth to push to Azure Repos, but not sure what's the right way to add the token to Git.

I'm failing to find good documentation on git credential-manager store. It just says you don't need to use it, but it probably implies I'm a regular user in a UI scenario, not a service account on a CI machine.
@KirillOsenkov
Copy link
Author

This is all I see:

image

@dscho
Copy link
Collaborator

dscho commented Aug 12, 2024

I think the canonical way to store a credential is via git credential approve, not via the credential helper. Does that help?

If you need to use git credential-manager store, here is the implementation of that command, and it looks as if it accepted the username and password input the same way as git credential approve, i.e. <key>=<value> pairs provided via stdin.

@KirillOsenkov
Copy link
Author

Thanks, I'll look into approve (it wasn't very intuitive :))

The issue remains though - the docs for store are lacking. Whatever it's doing needs to be documented.

@dscho
Copy link
Collaborator

dscho commented Aug 12, 2024

Thanks, I'll look into approve (it wasn't very intuitive :))

Heh. Git's credential machinery was not designed to be used like that. For pre-authentication, I think the idea was to use a non-interactive credential helper like git credential-netrc.

Granted, the only really useful credential helper that is shipped with Git for Windows (which you seem to need to be using) is GCM.

The issue remains though - the docs for store are lacking. Whatever it's doing needs to be documented.

This lack of documentation is probably due to the fact that this store subcommand is part of the "protocol" Git speaks to the credential helpers, as documented here: https://git-scm.com/docs/gitcredentials#_custom_helpers. Therefore, it's not really up to GCM how this subcommand works, it has to abide by Git's rules, which are already documented in the Git project 😉

@KirillOsenkov
Copy link
Author

Understood, thanks for the explanation.

@glorialilly88

This comment was marked as spam.

Sign in to view
@glorialilly88

This comment was marked as spam.

Sign in to view
@mjcheetham
Copy link
Collaborator

mjcheetham commented Oct 15, 2024
edited
Loading

@KirillOsenkov if you're looking to use GCM and authentication from automation for Azure Repos you may also like to look at the service principal and managed identity support in GCM https://aka.ms/gcm/misp

Otherwise, @dscho is correct that using git credential approve is the best way to pre-load a credential to GCM. git-credential-manager [get|store|erase] are not meant to be called by anyone other than Git itself. The user facing equivalents of get|store|erase is provided by Git's git credential [fill|approve|reject].. confusing, I know! 😅

@mjcheetham mjcheetham added the docs Documentation changes label Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs Documentation changes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dscho @KirillOsenkov @mjcheetham @glorialilly88