I was listening to GitMinutes episode 19 (http://episodes.gitminutes.com/2013/08/gitminutes-19-marcin-kuzminski-from.html), and around 57'26'', I heard:

+Thomas Ferris Nicolaisen : "I think a lot of people don't mind the lack of ssh support, I mean, it not really such a big deal to have to live without it. It is just sometimes, for  Linux hard-code users, it is practical to just be able to put your keys somewhere and you ready to go, you don't have to type any password, so don't have to remember anything"

+Marcin Kuzminski (RhodeCode https://rhodecode.com/): "But there are a lot of nice plugins, for either Git or Mercurial, you can install your passwords in a local key chain, or have... there are a lot of cool solution for not having to type password for http, so I always give this as a valid counter argument to a 'Oh I have to put my password eveytime'"

+Thomas Ferris Nicolaisen  "Do you know, there is actually, when using git against https, by default you have to type your password all the time, unless you put it in your `.netrc` file ion your home directory. And you have to put in clear text, which a lot of people frown upon, even though I think that also not that bit of a risk.
Do you know if there is like any better ways for Windows users to , you know, kind of keep their password safe?"


The shownotes references http://stackoverflow.com/a/5343146/6309, which includes a credential helper based on a memory cache: you type your passwords once per session, and it stays encrypted in memory.

I don't like this solution, especially since I deal with a lot of upstream repos (GitHub, BitBucket, repos at work, ...).  
I would need to type many different passwords each day.

I prefer storing all those credentials in the `.netrc` file (`_netrc` on Windows).  
But it is in plain text...

Was, actually.

Since git 1.8.3+, you have a new credential helper, aptly called '`netrc`', which allows you to encrypt that file with gpg.

I only keep a `%HOME%\_netrc.gpg` (or `_netrc.asc`), I type a passphrase once per day, and I can pull/push to any of my upstream repos: the right password will be extracted from the encrypted `_netrc` file everytime! Neat.

I explain the full process on Windows at: http://stackoverflow.com/a/18362082/6309
Shared publiclyView activity