summaryrefslogtreecommitdiff
path: root/Documentation/gitcredentials.txt
diff options
context:
space:
mode:
Diffstat (limited to 'Documentation/gitcredentials.txt')
-rw-r--r--Documentation/gitcredentials.txt35
1 files changed, 25 insertions, 10 deletions
diff --git a/Documentation/gitcredentials.txt b/Documentation/gitcredentials.txt
index 758bf39..71dd197 100644
--- a/Documentation/gitcredentials.txt
+++ b/Documentation/gitcredentials.txt
@@ -17,9 +17,10 @@ DESCRIPTION
Git will sometimes need credentials from the user in order to perform
operations; for example, it may need to ask for a username and password
-in order to access a remote repository over HTTP. This manual describes
-the mechanisms Git uses to request these credentials, as well as some
-features to avoid inputting these credentials repeatedly.
+in order to access a remote repository over HTTP. Some remotes accept
+a personal access token or OAuth access token as a password. This
+manual describes the mechanisms Git uses to request these credentials,
+as well as some features to avoid inputting these credentials repeatedly.
REQUESTING CREDENTIALS
----------------------
@@ -61,7 +62,9 @@ for a password. It is generally configured by adding this to your config:
Credential helpers, on the other hand, are external programs from which Git can
request both usernames and passwords; they typically interface with secure
-storage provided by the OS or other programs.
+storage provided by the OS or other programs. Alternatively, a
+credential-generating helper might generate credentials for certain servers via
+some API.
To use a helper, you must first select one to use. Git currently
includes the following helpers:
@@ -101,6 +104,17 @@ $ git help credential-foo
$ git config --global credential.helper foo
-------------------------------------------
+=== Available helpers
+
+The community maintains a comprehensive list of Git credential helpers at
+https://git-scm.com/doc/credential-helpers.
+
+=== OAuth
+
+An alternative to inputting passwords or personal access tokens is to use an
+OAuth credential helper. Initial authentication opens a browser window to the
+host. Subsequent authentication happens in the background. Many popular Git
+hosts support OAuth.
CREDENTIAL CONTEXTS
-------------------
@@ -132,7 +146,7 @@ because the hostnames differ. Nor would it match `foo.example.com`; Git
compares hostnames exactly, without considering whether two hosts are part of
the same domain. Likewise, a config entry for `http://example.com` would not
match: Git compares the protocols exactly. However, you may use wildcards in
-the domain name and other pattern matching techniques as with the `http.<url>.*`
+the domain name and other pattern matching techniques as with the `http.<URL>.*`
options.
If the "pattern" URL does include a path component, then this too must match
@@ -147,7 +161,7 @@ CONFIGURATION OPTIONS
Options for a credential context can be configured either in
`credential.*` (which applies to all credentials), or
-`credential.<url>.*`, where <url> matches the context as described
+`credential.<URL>.*`, where <URL> matches the context as described
above.
The following options are available in either location:
@@ -164,7 +178,7 @@ helper::
If there are multiple instances of the `credential.helper` configuration
variable, each helper will be tried in turn, and may provide a username,
password, or nothing. Once Git has acquired both a username and a
-password, no more helpers will be tried.
+non-expired password, no more helpers will be tried.
+
If `credential.helper` is configured to the empty string, this resets
the helper list to empty (so you may override a helper set by a
@@ -257,7 +271,7 @@ appended to its command line, which is one of:
`erase`::
- Remove a matching credential, if any, from the helper's storage.
+ Remove matching credentials, if any, from the helper's storage.
The details of the credential will be provided on the helper's stdin
stream. The exact format is the same as the input/output format of the
@@ -269,6 +283,7 @@ stdout in the same format (see linkgit:git-credential[1] for common
attributes). A helper is free to produce a subset, or even no values at
all if it has nothing useful to provide. Any provided attributes will
overwrite those already known about by Git's credential subsystem.
+Unrecognised attributes are silently discarded.
While it is possible to override all attributes, well behaving helpers
should refrain from doing so for any attribute other than username and
@@ -286,8 +301,8 @@ For a `store` or `erase` operation, the helper's output is ignored.
If a helper fails to perform the requested operation or needs to notify
the user of a potential issue, it may write to stderr.
-If it does not support the requested operation (e.g., a read-only store),
-it should silently ignore the request.
+If it does not support the requested operation (e.g., a read-only store
+or generator), it should silently ignore the request.
If a helper receives any other operation, it should silently ignore the
request. This leaves room for future operations to be added (older
generated by cgit v0.10.2-6-g49f6 at 2024-04-25 15:11:59 (GMT)