<< All Blog Posts

Git Credential Helpers

RedKeyIcon.jpgIn the most recent major release of git (1.7.9.x), a new "credential API" was introduced. This allows you to store supplied HTTP credentials in a variety of containers (OS X's keychain, in-memory cache and plain-text flat file). This is a major step forward in usability for anyone cloning repositories over HTTP/HTTPS. Before, you either had to enter your username and password every time you interacted with the remote server or use the insecure method of embedding your password in plain-text in the ~/.netrc file.

The documentation for this new API can be obtained via git help credentials. By default, git comes with 2 methods of caching supplied HTTP/HTTPS credentials: an in-memory cache and a plain-text on-disk store. Probably the more interesting however, is the osxkeychain helper in contrib. It is available by default if you build git via MacPorts. This helper will store your username and password securely in OS X's keychain. In order to activate this helper for all repositories by default, do the following:

git config --global credential.helper osxkeychain

After the next interaction with a remote git repository over HTTP/HTTPS, git will store your supplied credentials in your login keychain. You can confirm by using the Keychain Access utility and searching for the domain name hosting the repository.

If you install git via MacPorts, you can ensure you have the helper installed by typing the following:

$ port installed | grep git
git-core @ (active)

The credentials_osxkeychain variant confirms we have a functioning setup.


While not quite as exciting as keychain storage, the ability to cache credentials in memory can be extremely useful when operating on a remote server. This can be activated via:

git config --global credential.helper cache

The default is to cache values in memory for 15 minutes (see git help credential-cache for available options). After the next time you access a repository over HTTP/HTTPS, you should see a process similar to the following running:

davidb         44198   0.0  0.0  2438820   1164 s002  S     2:29PM   0:00.00 git-credential-cache--daemon /Users/davidb/.git-credential-cache/socket

If you a are a Plone developer using mr.developer with repositories hosted over HTTP or HTTPS, these new options will be an extremely welcome addition to your toolset.


Interested in more technical opinions and reviews? Sign up for our mailing list.

Thanks for filling out the form! A Six Feet Up representative will be in contact with you soon.

Have a question? Want to connect with us?