git credential.helper instead of .netrc to get go dependencies - go

To cashing go dependencies I use nexus(as goproxy) which connect to goproxy servers (because nexus can't get dependencies directly from GitHub) outside of private network.
nexus.some.repo.com:4443/repository/go-nexus-proxy ➡️ gonexus.dev
nexus.some.repo.com:4443/repository/go-proxy ➡️ proxy.golang.org
...
GOPROXY="nexus.some.repo.com:4443/repository/go-proxy,nexus.some.repo.com:4443/repository/go-nexus-proxy"
and I use .netrc file to connect to nexus
machine nexus.some.repo.com:4443
login SOME_LOGIN
password SOME_PASS
protocol https
Could I use git credential.helper instead of .netrc❓
If yes 👉🏻 How can I config git credential.helper❓

If you are already using netrc, you could simply configure the credential helper to use netrc
You can download and put in your PATH git-credential-netrc.perl
And then:
git config --global credential.helper netrc

Related

Git keeps storing credentials in Windows Credential Manager [duplicate]

This question already has answers here:
How do I disable git's credential helper for a single repository?
(5 answers)
Closed 9 months ago.
I'd like to use some git credentials for only single command.
git -c remote.origin.url="http://pass:user#gitserver/GitRepo" push
But after doing that credentials are saved in Credential Manager (i can see them in Windows Credential Manager), and are used implicitly for the subsequent git push commands.
How do I prevent storing them?
First, determine your scope
You might want to disable the use of the Windows Credential Manager in one of three different scopes:
globally, so these creds are never stored in the manager,
locally, so the creds are not stored in the manager for this one repo, or
temporarily, for just one command.
In all cases, the answer is to unset the credential.helper in your configuration, but how you do it depends on the scope.
Globally
Run
git config --global credential.helper ""
and Git will no longer store credentials anywhere for you.
Locally
Once you've cloned a sandbox, you can disable the credential manager for operations inside that sandbox only with this command:
git config --local credential.helper ""
For one command only
Finally, you can use -c on the command line for one time overrides:
git -c credential.helper= <some command>
Locally, revisited
If you're going to disable credential management for a single repo, you'll actually have to use the -c variant when you clone the repo, to turn off credential storage on clone, and the --local setting in that sandbox, to turn off credential storage on push/pull/fetch operations.
Undoing it all
If you change your mind later, you can undo things by removing your own config setting that disables credential management:
git config --global --unset credential.helper
or
git config --local --unset credential.helper
This way, you go back to the system default (that's manager-core in my Git for Windows configuration, which uses the Windows Credential Manager).
Or, you can set your own credential manager choice explicitly, globally or in the sandbox, with:
git config --global credential.helper manager-core
or
git config --local credential.helper manager-core

Get a private repository from AWS codecommit using HTTPS GRC

I'm trying to import a module located in AWS codecommit. To clone the repository I'm using HTTPS GRC (Git Remote Codecommit) method, which uses Google Suite credentials to access AWS console.
The command I use to clone the repository is:
git clone codecommit::us-west-2://my-module
The remote module's go.mod file contains this:
module git-codecommit.us-west-2.amazonaws.com/my-module.git
I tried to achieve my goal configuring Git like this:
git config --global url."codecommit::us-west-2://".insteadOf "https://git-codecommit.us-west-2.amazonaws.com/"
Setted GOPRIVATE:
go env -w GOPRIVATE=git-codecommit.us-west-2.amazonaws.com/my-module.git
And then getting the repository:
go get -x git-codecommit.us-west-2.amazonaws.com/my-module.git
but I get this output (and the execution gets stuck):
cd.
git ls-remote https://git-codecommit.us-west-2.amazonaws.com/my-module
I would like to mention that when I execute the git ls-remote https://git-codecommit.us-west-2.amazonaws.com/my-module command manually I get the information of the branches and tags without problems.
I checked this topic but in that case SSH protocol is used instead of HTTP GRC. Maybe the only way to import a module from a private repository is via SSH?
Finally found the solution:
Set Git credential helper:
git config --global credential.helper '!aws codecommit credential-helper $#'
git config --global credential.UseHttpPath true
Set GOPRIVATE env var:
go env -w GOPRIVATE=git-codecommit.us-west-2.amazonaws.com
In MacOS, disable keychain for Git:
Comment helper = osxkeychain in the file containing that value (run git config -l --show-origin | grep credential to find the target file)
Run go get:
go get git-codecommit.us-west-2.amazonaws.com/v1/repos/my-module.git

Passing credentials in Git Fetch and cache

I am trying to configure a git client to checkout using git fetch followed by git checkout from a bash script.
I have a github PAT (personal access token).
My purpose is to use my github user-id and the PAT to pass to the git fetch command one time such that next git command onwards, it won't require.
I know in git clone, I can pass the password like this:
git clone https://<token>#github.com/<username>/repository.git
I also setup the credential.helper to the cache for credential caching.
git config --global user.name "git-user-id"
git config --global user.email "email"
git config --global credential.helper cache
Now I want to pass the user name and PAT to the git fetch:
git fetch --no-tags --progress --depth=1 -- https://github.com/RepoName/demo-internal.git +refs/heads/<branch>:refs/remotes/origin/<branch>
git checkout <branch>
How can I do it in the git command line?
Note: I am not looking for an interactive way like using Expect or something like that.
You shouldn't place credentials in the URL. The Git FAQ mentions why:
While it is possible to place the password (which must be percent-encoded) in the URL, this is not particularly secure and can lead to accidental exposure of credentials, so it is not recommended.
If your goal is to set up access for your own use (say, a personal or work desktop or laptop), then that FAQ entry tells you how to set up a credential helper that will save your credentials securely long term, using an appropriate encrypted credential store for your system.
If your goal is to set up credentials for some sort of automated system, you can set up a custom credential helper to read from the environment. You could also generate an Ed25519 SSH deploy key and use that.
Note that user.name is not a username; it is a personal name and has no effect on authentication. For example, the maintainer of Git has this value set to “Junio C Hamano.”

How Can I Configure GitHub Desktop/Windows to Work with a Proxy?

New to working with git in Windows. I downloaded the GitHub Desktop application and can connect my account, but doing pushes/pulls fails because of an unresolved host. Asking around the workplace I got the following suggestion to type this command into the git shell.
git config --global http.proxy http://username:password#proxy.workplace.com:8080
Does this:
Store my password in plain text?
Send my password in plain text?
Doesn't GitHub for Desktop generate and use SSH keys instead (I got an email notification when I first connected my account)? How can I configure GitHub Desktop to work with this proxy?
To directly add a proxy to Github Desktop without using git shell:
Set up/Sign in to your account in Github Desktop(This won't be a problem, proxy only doesn't allow you to Add, create or clone repo)
Close Github Desktop for the time being(to set up proxy).
Go to C:\Users\#yourusername.
There you will find a file named .gitconfig
Open it with any text editor(I have used sublime text 3) and add
[http]
proxy = http://username:password#your.proxy.address:8080
and save.
Now you can add, create and clone repos in Github Desktop.
Note(for TFS users): TFS will return 502 bad gateway error when you use the above proxy configuration. Use hash # to comment out the proxy config in .gitconfig to switch between Git and TFS.
So actually the solution was to type this command into the git shell.
git config --global http.proxy http://<proxy-ip>:<proxy-port>
Try and upgrade to GitHub Desktop 2.4 (March 2020)
Working behind a proxy
With GitHub Desktop 2.4, we automatically handle setup without needing you to configure anything manually—worry no more!
It might work with this:
git config --global http.proxy proxy_address:proxy_port
git config --global https.proxy proxy_address:proxy_port
If username and password are not that much important then use:
git config --global http.proxy username:password#proxy_address:proxy_port
git config --global https.proxy username:password#proxy_address:proxy_port

How do I configure Git to trust certificates from the Windows Certificate Store?

Currently I have the following entry in my .gitconfig in my user directory.
...
[http]
sslCAInfo=C:\\Users\\julian.lettner\\.ssh\\git-test.pem
...
This sets the certificate to use when interacting with the git server (required by my company's git server).
But now I cannot clone other repositories (for example a public repository on GitHub), because the client always uses the configured certificate which gets rejected by other servers.
How can I circumvent this certification issue? Can I configure Git to use the Windows Certificate Store to authenticate?
Beginning with Git for Windows 2.14, you can now configure Git to use SChannel, the built-in Windows networking layer. This means that it will use the Windows certificate storage mechanism and you do not need to explicitly configure the curl CA storage mechanism.
From the Git for Windows 2.14 release notes:
It is now possible to switch between Secure Channel and OpenSSL for Git's HTTPS transport by setting the http.sslBackend config variable to "openssl" or "schannel"; This is now also the method used by the installer (rather than copying libcurl-4.dll files around).
You can choose the new SChannel mechanism during the installation of Git for Windows 2.14. You can also update an existing installation to use SChannel by running:
git config --global http.sslBackend schannel
Once you have configured this, Git will use the Windows certificate store and should not require (and, in fact, should ignore) the http.sslCAInfo configuration setting.
Use:
git config --local ...
To specify per-repository settings. Local settings are stored in the .git directory.
An overview of the three locations where git can store settings:
--local: Repository specific, <repo_dir>/.git/config
--global: User-specific, ~/.gitconfig
--system: System default, /etc/gitconfig
More specific ones override more general settings, i.e. local overrides both global and system.

Resources