Using gpg-agent for git credentials?

Eugene Stanley e.stanley at iragan.com
Sat Feb 20 09:47:19 CET 2016


On 20/02/16 07:15, taltman wrote:
> Hello GPG experts,
>
> I just recently ran into a git-based service that required password
> authentication, and didn't support public-key authentication.
>
> They suggested that I could use git credentials for accessing the
> service, and for providing options for storing or caching the password:
>
> https://git-scm.com/docs/gitcredentials
>
> Something about git acting as a password cache didn't sit right with me.
> Seems like credential management would be better done using gpg-agent.
>
> There are ways to use external credential management programs with git,
> like Gnome Keyring:
>
> https://stackoverflow.com/questions/13385690/how-to-use-git-with-gnome-k
> eyring-integration
>
> So it seems like it should be possible to connect git with gpg-agent.
Gnome-keyring and gpg-agent don't play well together in my experience,
as the former tries to implement partially some features of gpg-agent.

I regularly use gpg-agent as my SSH agent, which in turns allows me to
use git over SSH for the integration you described.

--
  eugene

>
> One work-around presented here is to use gpg to encrypt a .netrc file
> with your private key, and then use gpg-agent to cache the password:
>
> https://stackoverflow.com/questions/18838579/how-to-store-your-github-ht
> tps-password-on-linux-in-a-terminal-keychain
>
> But it seems like the above approach leaves the .netrc unencrypted on
> disk at least temporarily, and it isn't as "seamless" as using Gnome
> keyring.
>
> In the Git documentation above, there is a mechanism to specify a
> program to invoke to fetch credentials, using the GIT_ASKPASS or
> SSH_ASKPASS environmental variables. It seems like this might present a
> way to invoke gpg-agent, but I'm not sure how. Based on documentation it
> seems that these environment variables are usually used to invoke
> pinentry programs.
>
> If any one has experience with this, or advice on how to achieve this
> integration, I would be greatly appreciative of your help.
>
> Thank you,
>
> ~Tomer
>
>
> > _______________________________________________ > Gnupg-users mailing
list > Gnupg-users at gnupg.org >
http://lists.gnupg.org/mailman/listinfo/gnupg-users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160220/6310b1de/attachment-0001.html>


More information about the Gnupg-users mailing list