Using gpg-agent for git credentials?

taltman taltman at gmail.com
Sat Feb 20 07:15:16 CET 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello GPG experts,

I just recently ran into a git-based service that required password
authentication, and didn't support public-key authentication.

They suggested that I could use git credentials for accessing the
service, and for providing options for storing or caching the password:

https://git-scm.com/docs/gitcredentials

Something about git acting as a password cache didn't sit right with me.
Seems like credential management would be better done using gpg-agent.

There are ways to use external credential management programs with git,
like Gnome Keyring:

https://stackoverflow.com/questions/13385690/how-to-use-git-with-gnome-k
eyring-integration

So it seems like it should be possible to connect git with gpg-agent.

One work-around presented here is to use gpg to encrypt a .netrc file
with your private key, and then use gpg-agent to cache the password:

https://stackoverflow.com/questions/18838579/how-to-store-your-github-ht
tps-password-on-linux-in-a-terminal-keychain

But it seems like the above approach leaves the .netrc unencrypted on
disk at least temporarily, and it isn't as "seamless" as using Gnome
keyring.

In the Git documentation above, there is a mechanism to specify a
program to invoke to fetch credentials, using the GIT_ASKPASS or
SSH_ASKPASS environmental variables. It seems like this might present a
way to invoke gpg-agent, but I'm not sure how. Based on documentation it
seems that these environment variables are usually used to invoke
pinentry programs.

If any one has experience with this, or advice on how to achieve this
integration, I would be greatly appreciative of your help.

Thank you,

~Tomer


- -- 
- ---

Encrypted email preferred.
http://taltman.sdf.org/public_key.asc
Key fingerprint = DFE8 7D60 D452 9C4F 5D1F  7515 F55F BB30 1719 7991
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWyARzAAoJEMAutzpeVLZSXSAP/A4ZL0UigxUemmQ+Q5dqzsp2
fmHmSQWyprrX+dwcd8szNlIEhYAqMCJ8a5abWXJy93dr5jgaJCV7zj9WS68XNzgP
j/vjYnJALrICdl1LvMUc5ajADN+NU9gbBj/KyvqB+kW9Opo1zDjYRIEBglNokmGH
tT6qBnRXJM2Onm6/OM2n8AUOerkVlhuCSTcazWmxI88aIm73s/QVemJrYrEoff7L
GeiL4EtTth2D7gl0RwtKYsNX9K00szUEAVSDNU6JPyboUpQ5BMnODzHdnRN3SCdR
yjaMEEb2jg+iCeHhmmCnZJDZew/Vv847+biV4L7RySvE1DKe4efwqubbSy0i5shr
re8YgftW2j2XIful0p+/GF0Jgwc/pgCD9y1bWGdUrKO+sVMF8VaMIwxd9a1CVJpE
sLgTzyyPBd2t8uYH2W7gngkLmQ31jT//CQTPiQV3By/nzZGD25CpHKKTDcMAf5Pn
AxxPSE4urwiZnMrrn+WHe5Y7SMATt64tkdsp1nNs2oU6bd9WrF7e8w218V9dUGt3
BpbcZM6A8jbkTU7gE/m6pc/VawRWSxYfh7/vcHG3VJ+IN9yII5hBF9ApU2gmH6qo
cO1ffOA3L1Prh/dxBGlwScsd0A9EnnwfGgpj+qS40qhaY5mmE6DUNu59y/cHqvKi
HWuYHTGyK/wQCOFwalSM
=WHTK
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list