Related
Is it necessary to store the personal access token somewhere locally on the machine after generating it in GitHub?
If yes, is there any preferred way where it could be stored?
Half the point of passwords is that (ideally) you memorize them and the system hashes them, so therefore they're never stored anywhere in plain text.
Yet GitHub's personal access token system seems to basically force you to store the token in plain text?
First, a PAT (Personal Access Token) is not a simple password, but an equivalent that:
you can generate multiple time (for instance, one per machine from which you need to access GitHub repository)
you can revoke at any time (from the GitHub web interface), which makes that PAT obsolete, even if it lingers around on one of those machines.
That differs from your password, which is unique to your account, and cannot be easily changed without having to also modify it everywhere you happen to use it.
Since a PAT can be used in place of a password when performing Git operations over HTTPS with Git on the command line or the API, you can use a git credential helper to cache it securely.
On Windows, for instance, that would use the Windows Credential Manager, through the GCM -- Git Credential Manager -- for Windows, Mac or Linux:
git config --global credential.helper manager-core
# Git 2.39+
git config --global credential.helper manager
(manager-core is being replaced by/renamed as manager for Git 2.39+, Q4 2022)
The first time you are pushing to a repo, a popup will ask for your credentials: username and your PAT.
The next time, it won't ask, and reuse directly that PAT, which remains stored securely in your Credential Manager.
A similar idea applies for Mac with the OSX keychain, and Linux with the GNOME Keyring (in 2021, it would need a DBus session and libsecret), but in 2021, GCM-Core covers those use cases.
The idea remains: store the PAT in an encrypted credentials store.
As mentioned above, the more modern solution (Q4 2020) is Microsoft Git-Credential-Manager-Core, or, Q4 2022, Microsoft Git-Credential-Manager
git config --global credential.helper manager-core
# Git 2.39+:
git config --global credential.helper manager
Before Git 2.39 (Q4 2022), for Linux:
You need for that to install git-credential-manager-core, downloading its latest release, like gcmcore-linux_amd64.2.0.474.41365.deb
sudo dpkg -i <path-to-package>
git-credential-manager-core configure
Although, with GCM (Git-Credential-Manager-Core) on Linux, as noted by Mekky Mayata in the comments, you need to define a git config --global credential.credentialStore first.
See "Credential stores on Linux":
There are four options for storing credentials that Git Credential Manager (GCM) manages on Linux platforms:
freedesktop.org Secret Service API
GPG/pass compatible files
Git's built-in credential cache
Plaintext files
By default, GCM comes not configured.
You can select which credential store to use by setting the GCM_CREDENTIAL_STORE environment variable, or the credential.credentialStore Git configuration setting.
As noted by agent18 in the comments, using git-credential-libsecret after installing libsecret-1-0 and libsecret-1-dev is a good first step.
But, again, that should be now wrapped by credential-manager-core (before Git 2.39).
In my case, in Ubuntu, the accepted solution didn't work with a message like
git: 'credential-manager' is not a git command
but store instead of manager worked well:
git config --global credential.helper store
Alternatively, you can create a ~/.netrc file in home directory and save your login credentials to it.
cat ~/.netrc
machine github.com login <login-id> password <token-password>
Tested on Ubuntu 20.04, almost fresh install, with Git 2.25.1 and unity 7.5.
Authentication basics
Github needs an authentication key (with certain rights tied to said authentication key). A particular auth key has certain rights, (read private repos, read write public repos etc...) and "acts as a password" coupled with rights which can be revoked whenever the user wants.
Personal Access Token
We start with making a PAT. I.E., Settings --> Developer Settings--> Persaonl access tokens --> Generate new token --> Note --> set permissions (repo,repo_hook maybe) --> generate token
git push the repo and type the generated token(very long password) as password when asked.
Storing the password in different ways
Can be done in a file and then using xclip to bring it back to clipboard and paste it everytime (Screw this)
Cache with the help of git commands git config credential.helper cache <time-limit-of-cache>. But you still have to somehow clipboard the password after the timelimit.
Store it permanently in a file with git commands git config credential.helper store (don't use --global). This is NOT ENCRYPTED. You can open the file and read it. (e.g., If someone gets access to your laptop they can pretty much read the Password using a bootable USB (assuming your whole system is not encrypted)).
Or go the encryption route as per here. It is not complicated at all. 3 simple steps.
sudo apt-get install libsecret-1-0 libsecret-1-dev
sudo make --directory=/usr/share/doc/git/contrib/credential/libsecret
git config credential.helper /usr/share/doc/git/contrib/credential/libsecret/git-credential-libsecret
This allows to store the password/personal access token in an encrypted format. The git config file can be found in the .git/config file in your loca repo as shown here, if you ever need it.
P.S.
There are many places that suggest the use of Gnome-keyring but that is apparently deprecated.
Storing passwords/PATs for more than one account
This becomes tricky and it appears as #VonC suggests that we need a Git-Credential-Manager core (GCM core). This answer is enhanced based on my findings in this answer.
First install GCM core
Download latest .deb package
sudo dpkg -i <path-to-package>
git-credential-manager-core configure
git config --global credential.credentialStore secretservice as we use libsecret
Get latest git
In my case I had git 2.25 and got error error: unknown option 'show-scope'. It appears that GCM core is using higher git
(atleast 2.26).
So install the latest and greatest git as per here:
sudo add-apt-repository ppa:git-core/ppa
sudo apt-get update
apt list git # shows the latest git currently 2.31
sudo apt-get install git #or sudo apt-get upgrade
Update git remote path with username built in
GCM core needs this to identify the different accounts.:(
git remote set-url origin https://user1#github.com/user1/myRepo1.git
git remote set-url origin https://user2#github.com/user1/myRepo1.git
^^^^^
Your ~/.gitconfig file will thus have the following :
[credential]
helper = /usr/bin/git-credential-manager-core
credentialStore = secretservice
[credential "https://dev.azure.com"]
useHttpPath = true
To store your credentials in cache and avoid logging in every time you perform a git action, follow these steps:
Navigate to your local repository folder.
In the current folder's terminal: git config --global --replace-all credential.helper cache
Perform git push or git pull.
Login with username and access token (access token is your password). The token can be setup in GitHub and have access to repo, workflow, write:packages and delete:packages.
Repeat git push or any git action and you'll find that it doesn't ask for login credentials from now on.
I like to keep them encrypted within the repository and load them using .envrc (https://direnv.net/)
For doing this I use ssh-vault to encrypt the data using my ssh keys that GitHub already is exposing, for example:
echo MY_TOKEN="secret" | ssh-vault -u <github-user> create > my-encypted-vars.ssh
Then the content of .envrc looks something like this:
echo "Enter ssh key password"
context=$(ssh-vault view $HOME/projects/my-encrypted.ssh | tail -n +2)
export ${context}
This will decrypt the data in my-encrypted-vars.ssh file and set MY_TOKEN into my environment variables every time I cd into the project dir.
By doing this tokens/variables are stored "safely" and always ready to use as environment variables
try enabling this to help with persisting across push / pulls
git config credential.helper store
For ongoing cloning of repo / for macOS users / install iTerm2
https://iterm2.com/
Enable Toolbelt
Just click the snippet whenever you need it.
P.S. you are using oh-my-zsh, aren't you?
https://github.com/ohmyzsh/ohmyzsh
You can cache your credentials for a defined time using:
git config --global credential.helper cache
The default cache period is 900 sec (15 min) but can be changed with:
git config --global credential.helper 'cache --timeout=3600'
See the following Github page:
https://docs.github.com/en/github/using-git/caching-your-github-credentials-in-git
This is not a permanent store and as per other comments credentials should not be stored in plain text, which is a security risk. I use a password manager (https://bitwarden.com/) to store the PAT (Personal Access Token) then copy it in for the first use, where it is then cached. A PAT is required if you enable 2FA on your Github account.
Well, you have to save the token somewhere, when you don't want to type it each time your app asks for it :-)
A good solution is using environment variables, as already suggested in one comment.
But you still have to set the environment variable somewhere.
On Windows (which I'm using), you could use the dialog box in the system settings (I don't know if other operating systems have something similar).
I don't do this, I prefer a script in my project.
In a private project, you may commit this to source control, but this is a matter of preference.
In one of my personal projects, I'm calling the GitHub API as well, using a personal access token.
It's a command line app and the end user will save the token in a config file (which is OK).
But I need the token for development as well, because the project has integration tests where I'm calling the GitHub API.
And that project is public on GitHub, so I couldn't save the token in source control.
What I did is this:
I have a batch file (remember, I'm on Windows) called environment-variables.bat which sets all required environment variables including the access token
I'm calling this in my build script and in the batch file I'm using to run my tests
environment-variables.bat is ignored in source control
But in source control, there's environment-variables.bat.sample instead, which contains the same, but a fake token/password.
So I can just rename this file to environment-variables.bat, replace the fake password by the real one, and everything works.
This is not the perfect solution for all cases, though.
In my project, I have the problem that I need to use more tokens/passwords for more APIs in the future.
So the number of tokens in my environment-variables.bat will increase, making it difficult for potential contributors to actually execute all integration tests. And I still don't know how to deal with that.
In my use case, I store the PAT in a password manager, e.g. LastPass, KeePass, 1Password. When I need it in a Linux environment ( e.g. Docker ), I save the PAT in an environment variable and then use git's credential helper setting. For example:
git config --global credential.helper 'cache --timeout 600'
<< eof tr -d ' ' | git credential-cache store
protocol=https
host=github.com
username=nonce
password=${GITHUB_PAT}
eof
With a PAT the username can be anything except blank. Here's a gist that elaborates:
https://gist.github.com/rwcitek/da862e9e27cc28d3e96e62a2ca4b2b64
Use git insteadOf. Basically replace every https://github call with your access tokens + https://
git config --global url."https://<username>:<github-token>#github.com/".insteadOf "https://github.com/
Now every call to github will automatically be appended with your credentials.
I found this great answer in here.
Some more info about git insteadOf.
You can store the github https token using pass.
Two alternatives to map a git host to a pass entry:
bash script to map to the right pass entry:
#!/usr/bin/env bash
# assuming "get" action from git and a config like this
# git config --global credential.helper $XDG_BIN_HOME'/git_credentials_from_pass $#'
while IFS= read -r line
do
echo "$line"
if [[ "$line" =~ host=.*github.com.* ]]; then
echo "username=your_user_name"
echo "password=$(pass show token_github.com/your_username)"
#else ...
fi
done
Change your_username and token_github.com the way you set it up with pass insert.
This adds the token to pass without typing or pasting twice:
echo your_github_token | sed p | pass add token_github.com/your_username
Install pass-git-helper and:
git config --global credential.helper '!pass-git-helper $#'
pass-git-helper needs an ini-file to map between the git request and the pass entry.
${XDG_CONFIG_HOME}/pass-git-helper/git-pass-mapping.ini example:
[DEFAULT]
username_extractor=entry_name
[github.com*]
target=token_${host}/your_github_username
Basically I did this on my machine:
https://gist.github.com/bsara/5c4d90db3016814a3d2fe38d314f9c23
My profile script is slightly different than described:
env=~/.ssh/agent.env
agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }
agent_start () {
(umask 077; ssh-agent >| "$env")
. "$env" >| /dev/null ;
}
agent_load_env
# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)
if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
agent_start
ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
ssh-add
fi
unset env
Install Git Credential Manager! https://github.com/GitCredentialManager/git-credential-manager . GCM supports caching as well as a variety of platform-specific credential stores that persist between sessions.
Even better: GCM supports user-friendly secure authentication to GitHub and GitLab via web browser with OAuth. This means you no longer even need to create personal access tokens. When you git push, simply follow a link to GitHub and authorize the app. Subsequent authentications require no interaction.
OAuth is more secure than personal access tokens, because the tokens have short expiry, refreshed when required using longer-lived refresh tokens.
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
sudo apt update
sudo apt install gh
gh auth login
it will ask to enter the protocol and token
Then I clones the repo again . Its not asking for token
I cannot clone or push to a repository on my server.
I have a bare repo that is located is a directory user#host in directory home/user/test.git that I am trying to access via git clone. I used ssh-add <pathtokey> to add my ssh key. It asked me for the passphrase. I can then ssh user#host successfully.
However if I then try to git clone ssh://user#host/~/test.git I get:
Cloning into 'test'...
user#host: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
also tried
git clone ssh://user#host/home/user/test.git
git clone user#host:home/user/test.git
git clone user#host:/home/user/test.git
with the same result
I am guessing the git credential manager isn't picking up the keys?
On the server /var/auth/log says
Feb 20 02:25:36 xxxxx sshd[24674]: Connection closed by authenticating user XXXX x.x.x.x port 56433 [preauth]
Git version: git version 2.30.1.windows.1
Git Credential Manager: Git Credential Manager version 2.0.318-beta+44acfafa98 (Windows, .NET Framework 4.0.30319.42000)
git config -l reports credential.helper=manager-core
Tried both PowerShell and git bash shells, same result
user has read, execute permissions to the repo
To add to #VonC's response
In git-bash things work as normal.
The normal flow of starting the ssh-agent (via eval 'ssh-agent'
), adding the key via ssh-add <path_to_key> enables git clone to work.
In PowerShell Core, or Cmd, via Windows-Terminal more work is required
the ssh-agent starts automatically (assuming you previously started the OpenSSH Authentication Agent service), adding the key works, and you can ssh after this, but git commands do NOT work, initially, but if you do
git config --global core.sshCommand C:/Windows/System32/OpenSSH/ssh.exe
This will replace the (default) ssh that comes with git-for-windows with the Windows10 implementation.
After this it should work fine in things other than git-bash. Confirmed in Powershell-Core, Command Prompt
See also:
https://gist.github.com/danieldogeanu/16c61e9b80345c5837b9e5045a701c99
The git credential manager is only involved for caching credentials (username/password) for HTTPS URL, not SSH.
Only the ssh-agent could be involved, for caching a possible passphrase, if the private key was defined with it.
I would try first using the full path, since ~ might not be interpreted by the remote shell, but the local (which has a different path for ~):
git clone ssh://user#host/home/user/test.git
# or
git clone user#host:/home/user/test.git
If not, in a git bash session, type:
export GIT_SSH_COMMAND='ssh -v'
git clone ...
The OP confirms in the discussion it works in a bash session:
In git bash, I started the ssh-agent,
added the key there, then it worked.
I'm on a Windows 10 machine and I have both Git Bash and Ubuntu for Windows Subsystem for Linux (WSL) installed. When I use GitHub's official desktop app to clone a repo via HTTPS everything works fine and I can push my commits via Visual Studio Code with no problems whatsoever. I then try to clone a repo via SSH with Hyper (WSL Bash) and get this:
The authenticity of host 'domain.com (a.b.c.d)' can't be established.
RSA key fingerprint is XX:XX:...:XX.
Are you sure you want to continue connecting (yes/no)?
After answering yes and openning that repo in VS Code and try to push my new changes to GitHub, I get this error:
Git: Host key verification failed.
And this is what I get as Git Log in Output:
Host key verification failed.
fatal: Could not read from remote repository.
I have set up my SSH key on WSL using this method and I didn't set up any passphrase. I tried this on my brother's PC which is exactly set up like mine and it worked just fine. I would appreciate any help!
UPDATE: I typed ssh -T git#github.com in Hyper and got this as an answer: You've successfully authenticated, but GitHub does not provide shell access.
P.S. I'm a newbie in programming and stackoverflow, so please be concise and give me step by step instructions. The more you use technical terms, the more I'll probably get lost!
Try first, for that new push, to do it in command line:
cd c:\path\to\local\repo
git status
git log
git remote -v
git push -u origin master
Make sure that:
git status is clean (no pending changes)
git log shows you at least one commit
git remote -v shows you as origin the URL of your remote GitHub repository
(as an SSH URL git#github.com:<you>/<yourRepo>)
Then push, and go back to VSCode.
Should be faster than the other solution:
In vscode open a new terminal of type "Command Prompt"
Run: git push and accept the new key when prompted.
This will store the remote key for future use.
Prefacing this with I am very new to git and github.
I set up a repo on github, as user zzz, and it is correctly listed in my local (repo-specific) git config file, which has entries like the following when I do 'git config --local --list':
remote.origin.url=https://github.com/zzz/myrepo.git
user.name=zzz
user.email=yyy#example.com
But when I do do git push origin master, it get 403 denied to user 'xxx'... a user which corresponds to a completely separate github account. How do I fix this? And why is it picking up user 'xxx' when that is not the user i carefully specified in the local config file? I am on windows 7 machine.
Git store credentials in Windows, clear them referring below image:
Run your git push command, it will prompt you to enter credentials again.
Image Courtesy - Remove credentials from Git
I'm using BitBucket with Xcode and Git for version control, and recently I changed all of my passwords (thanks Adobe!).
Unsurprisingly, I'm no longer able to push my local commits to my repository on BitBucket (Authentication failed for 'https://______.git'), but I'm forgetting how to update the cached password on my iMac. Somehow I've been unable to find it on Google or Stack Overflow, though it seems to me it should be rather straightforward...
To fix this on macOS, you can use
git config --global credential.helper osxkeychain
A username and password prompt will appear with your next Git action (pull, clone, push, etc.).
For Windows, it's the same command with a different argument:
git config --global credential.helper wincred
None of the other answers worked for me on MacOS Sierra 10.12.4
Here is what I had to do:
git config --global --unset user.password
Then run your git command (ex. git push) and reenter your username and password.
In Windows 10 with Git
Remove/update related Credentials stored in Windows Credentials in >>Control Panel\All Control Panel Items\Credential Manager
Or you can just use the search bar and search for "CredentialManager" or "Windows Credentials", which should return an entry to open that Control Panel pane (at least for English users).
The only way I could modify my git password was to go to Credential Manager in Windows (Windows Key + type 'credential') and edit the git entry under Windows Credentials 🡒 Generic Credentials.
Note: Not listed alphabetically
I had the same problem, and the accepted answer didn't help me because the password wasn't stored in the keychain. I typed:
git pull https://myuser#bitbucket.org/mypath/myrepo.git
Then console asked me for my new password.
In windows 10 as mentioned above by #Imran Javed you can find Generic Credentials at :
Control Panel\All Control Panel Items\Credential Manager --> Windows Credentials
find your git server and than you can update password by clicking edit button.
For Mac
If you have multiple remote repositories (Github, Bitbucket, Job, etc.)
1) run in the project directory
git config --unset user.password
2) run remote git command (ie. git push or git pull)
Git will prompt you to reenter your user.name and user.password for this repository
Or you can do it globally if you have only one remote repository
git config --global --unset user.password
If you are MAC user then you can open KeyChain Access Application from finder and then look for your account listed there. Just click on it and update your password.
Now give a try and things will fall in place.
link for reference: Updating your credentials via Keychain Access
None of the other answers worked for me on MacOS Big Sur 11.3.1
I had Two-Factor Authentication enabled on Github, this makes is so you will fail when entering your username and password even when they are correct.
Here is what I had to do:
git config --global --unset user.password
Then run your git command (ex. git push) and enter your username.
For the password you need to generate a Personal Access Token.
Go to https://github.com/settings/profile select the Developer Settings on the right. Select Personal Access Token Generate new token. Copy the generated token and use it as the password in terminal.
running git config --global --unset user.password followed by any git command would prompt you to enter username and password.
git config --global --unset user.password
git push (will prompt you for the password)
git status (will not prompt for password again)
In my Windows machine, I tried the solution of #nzrytmn i.e.,
Control Panel>Search Credentials>Select "ManageCredentials">modified new credentials under git option category corresponding to my username.
And then,
Deleted current password:
git config --global --unset user.password
Added new password:
git config --global --add user.password "new_password"
And It worked for me.
If your credentials are stored in the credential helper, the portable way to remove a password persisted for a specific host is to call git credential reject:
$ git credential reject
protocol=https
host=bitbucket.org
⏎
or
$ git credential reject
url=https://bitbucket.org
⏎
After that, to enter your new password, type git fetch.
Given the new token authentification requirement from August 13 2021, this may be what you are looking for:
Generate a new access token
Update the token used to access your repo
git remote remove origin
git remote add origin https://[TOKEN]#github.com/[USER]/[REPO]
git push
There is such a confusion on this question, as there is way too much complexity in this question. First MacOS vs. Win10. Then the different auth mechanisms.
I will start a consolidated answer here and probably need some help, if I do not get help, I will keep working on the answer until it is complete, but that will take time.
Windows 10: |
|-- Run this command. You will be prompted on next push/pull to enter username and password:
| git config --global credential.helper wincred (Thanks to #Andrew Pye)
`
MacOS:
|
|-- 1. Using git config to store username and password:
| git config --global --add user.password
|
|---- 1.1 first time entry
| git config --global --add user.password <new_pass>
|
|---- 1.2 password update
| git config --global --unset user.password
| git config --global --add user.password <new_pass>
|
|-- 2. Using keychain:
| git config --global credential.helper osxkeychain
|
|---- 2.1 first time entry
| Terminal will ask you for the username and password. Just enter it, it will be
| stored in keychain from then on.
|
|---- 2.2 password update
| Open keychain, delete the entry for the repository you are trying to use.
| (git remote -v will show you)
| On next use of git push or something that needs permissions, git will ask for
| the credentials, as it can not find them in the keychain anymore.
`
I was pushing into the repository for the first time. So there was no HEAD defined.
The easiest way would be to:
git push -u origin master
It will then prompt for the password, and once you enter that it will be saved automatically, and you will be able to push.
If you are using github and have enabled 2 factor authentication, you need to enter a Personal access token instead of your password
First reset your password:
git config --global --unset user.password
Then, log to your github account, on the right hand corner, click on Settings, then Developer Settings. Generate a Personal access token. Copy it.
git push
The terminal will prompt you for your username: enter your email address.
At the password prompt, enter the personal access token instead.
do these steps in Terminal:
Delete current password saved in your Mac
git config --global --unset user.password
Add your new password by using this command, replace with your new password:
git config --global --add user.password <new_pass>
you can change password through command line in 2 places, following would edit credentials to connect the repo
git config --edit
The credentials also can be changed at global using global parameter like below
git config --global --add user.password "XXXX"
or set the credentials helper with
git config --global credential.helper wincred
but if you have repo level credentials set the use the first command
git config --edit
For MacOS based on the new rule to use password tokens from August 13 2021.
I tried all other terminal based answers but none worked.
Simply head to Keychain Access
Search for github
Right click on all github related items, including vs-code,
Delete all items
my password was good in github desktop preferences but wrong in the .git/config file
for me the only working solution was to manually edit the file:
.git/config
that contains this line:
url = https://user:password#github.com/user/repo.git
change password to the GOOD password because it was an older one for me
I was able to change my git password by going to Credential Manager in Windows and deleting all the git entries under Windows Credentials 🡒 Generic Credentials.
When doing a git pull or git push, windows will ask for the new user/password itself.
I would try to delete my account in Keychain Access and then run git clone again. Git will ask me for a new password.
on mac BigSur 11.2.3
I updated the credentials in the key chain then I ran the command below.
git credential-osxkeychain erase
host=github.com
protocol=https
I had to do this because no other solution in this thread worked for me after changing to token auth for github. github kept stating repository not found.
If this does not work try to combine this with the other commands for mac in this thread.
Just clone one of your existing repos, this will prompt you for new credentials:
e.g.
git clone https://myuser#bitbucket.org/mypath/myrepo.git
(where https://myuser#bitbucket.org/mypath/myrepo.git is an address of one of your existing repos)
Tried everything but nothing worked. Then the following did work.
Before any of the above steps, lock and unlock the keychain again coz sometimes it sorta gets stuck.
Install the GitHub Desktop — it helps.
For those who are looking for how to reset access to the repository. By the example of GitHub. You can change your GitHub profile password and revoke all "Personal access tokens" in "Settings -> Developer settings" of your profile. Also you can optionally wipe all your SSH/PGP keys and OAuth/GitHub apps to be sure that access to the repository is completely blocked. Thus, all the credential managers, on any system will fail at authorisation and prompt you to enter the new credentials.
Following steps can resolve the issue .....
Go to the folder ~/Library/Application Support/SourceTree
Delete the file {Username}#STAuth-bitbucket.org
Restart Sourcetree
Try to fetch, password filed appear, give your new password
Also can run git fetch command in terminal and need to type password
Done
None of the command line options from within terminal worked for me. Ultimately, I just opened up keychain manually, searched for 'git' under 'All Items', found an entry there and deleted it. That did it! Next time I tried a git pull from the terminal and it prompted me for new creds.
For MAC users, using git GUI (Works for Sourcetree, may work for others as well). Would like to add a small remark to Derek's answer. The original suggestion:
$ git config --global --unset user.password
should be followed by a push/pull/fetch BUT it might not work when done from the GUI. The %100 working case would be to do the very first consecutive prompt-triggering git command from console. Here is an example:
Locate to your git repository root directory
Type in $ git config --unset user.password
Proceed with a git commend of your choice in terminal e.g.: $ git push
Then it will ask you to provide the new passoword.
On macOS, e.g. after OSX v.11.6, should go to KeyChain and search "git". And delete the relevant keys. It will work.