Introduction

Recently, when updating files on GitHub, I was suddenly told that the update was not allowed. The reason is that since August 13, 2021, GitHub no longer allows users to log in directly with an account name and password; a personal access token is required. Today I will explain how to cache this token.

Background

In July 2020, GitHub announced plans to switch, for security reasons, to token-based authentication for all Git commands that require authentication. Starting August 13, 2021, passwords are no longer accepted when authenticating Git operations on GitHub.com.

This change only affects users who use their username and password to interact with GitHub. If you are using SSH, have previously used tokens, or are using GitHub Desktop, there is no impact.

GitHub made this decision for security reasons. Passwords in plain text can easily be compromised, and if they are replaced with time-limited tokens, the impact of leakage would be very limited.

In addition, different tokens can be generated for the same GitHub account for different usage channels, and the validity of each token and the permissions it grants can be controlled at any time, which protects the account as far as possible.

A generated token can be revoked at any time, and a token has more randomness than a password, so it is hard to crack by brute force.

Create a token

The token here is a personal access token, abbreviated as PAT. It is an alternative to using a password to authenticate to GitHub.

You can think of a token as a password, but the token has permissions and time limits. Also for security, GitHub automatically removes personal access tokens that have not been used within a year. To ensure token security, we strongly recommend adding an expiration time for personal access tokens.

To use a token, you first need to create the token. How do you create a token?

First, go to GitHub.com and, under your account, select Settings.

Then, in the left sidebar, click Developer settings.

Then select Personal access tokens on the left.

Click the Generate token button to generate the token.

During the creation process, we need to enter and select some data:

For example, we need to give the token a name to distinguish between different usage scenarios, and choose an expiration time, which should not be too long for security reasons.

Finally, choose the permissions for the token. If you only operate on repositories, select repo.

The token is now created.

Note that the created token needs to be saved right away, since its content cannot be viewed on the web page afterwards. Tokens need to be stored just as securely as passwords.

Use the token

As mentioned above, a token works like a password. For example, if you clone a repository that requires a password, enter your username and the token.

$ git clone https://github.com/username/repo.git
Username: your_username
Password: your_token

But it would be too much trouble if you had to enter your password every time. Here’s how to cache tokens in Git. In fact, tokens and passwords are equivalent, and the same way you cache passwords in Git works for caching tokens.

Cache the token

You can cache passwords by setting credential.helper.

Generally speaking, there are two modes: cache and store.

The cache mode keeps the password in memory for a period of time. The password is not written to disk and is automatically cleared from memory after that period.

To enable cache, run the following command:

git config --global credential.helper cache

The store mode takes the path of a file in which to save the password. The default location of the credentials file is ~/.git-credentials, which can be changed by specifying --file:

git config --global credential.helper 'store --file /data/git/.git-credentials'
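
The store helper writes each credential to that file unencrypted, one URL per line, protected only by file permissions. The shell script below is an added example, not part of the original article, that audits such a file without printing the secrets; the sample file, user name and token placeholder are constructed.

```shell
#!/bin/sh
# Added example: audit a git-credential-store file without printing secrets.
# Each line of such a file is a clear-text URL: https://<user>:<secret>@<host>

# Echo "ok" when only the owner can access the file, "exposed" otherwise.
store_mode_status() {
    # ls -ld prints e.g. "-rw-------"; characters 5-10 are the group/other bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo ok; else echo exposed; fi
}

# Echo how many entries for host $2 in file $1 carry a stored secret.
count_host_secrets() {
    host_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    grep -c -E "^https?://[^:/@]+:[^@]+@${host_re}(:[0-9]+)?/?\$" "$1" || true
}

# Echo "<host> <user>" per entry; the secret is dropped by the substitution.
list_store_entries() {
    sed -n -E 's#^https?://([^:/@]+):[^@]+@([^/]+)/?$#\2 \1#p' "$1"
}

audit_credential_store() {
    if [ ! -f "$1" ]; then echo "no credential store at $1"; return 0; fi
    echo "permissions: $(store_mode_status "$1")"
    echo "github.com secrets on disk: $(count_host_secrets "$1" github.com)"
    list_store_entries "$1"
}

# Constructed sample store; user name and secrets are placeholders, not real.
demo_store="$(mktemp -d)/.git-credentials"
printf '%s\n' \
    'https://your_username:EXAMPLE_TOKEN_PLACEHOLDER@github.com' \
    'https://your_username:another-secret@git.example.org' > "$demo_store"

chmod 644 "$demo_store"              # simulate a store readable by other users
audit_credential_store "$demo_store"
chmod 600 "$demo_store"              # mitigation: owner-only access
audit_credential_store "$demo_store"
```

Point audit_credential_store at ~/.git-credentials or at the path given to --file. If the file was readable by others, tightening the mode does not undo the exposure; revoke the token on GitHub and generate a new one.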

If you are using macOS, the system provides a helper called osxkeychain, which stores passwords in your system user’s keychain. It’s more elegant because passwords are stored encrypted, and they are easy to manage and can be viewed in a graphical interface.

Of course, you can also delete the stored GitHub password from the command line:

$ git credential-osxkeychain erase
host=github.com
protocol=https
> [Press Return]

If you are on a Windows machine, you can install a tool called “Git Credential Manager for Windows”, which is similar to osxkeychain.

Use GCM

Git Credential Manager Core (GCM Core) is now recommended for managing your client credentials.

With GCM Core, there’s no need to create and store PATs at all; GCM Core manages them on your behalf.

How do you install GCM? Here’s how to install it on a Mac:

First install Git:

brew install git

Then install GCM Core:

$ brew tap microsoft/git
$ brew install --cask git-credential-manager-core

The next time you clone an HTTPS URL that requires authentication, Git will prompt you to log in through a browser window and authorize the OAuth application that provides GCM Core’s credential management.

After successful authentication, your credentials will be stored in the macOS keychain, and the credentials in the keychain will be used every time an HTTPS URL is cloned. Git will not ask you to type your credentials again on the command line unless you change them.

GCM Core is also available in Windows and Linux environments.

Conclusion

By generating a new token and replacing the existing cached password, I can finally push to my GitHub again. Great!

This article is available at www.flydean.com/05-git-pers…
