ON THIS PAGE
we will show you how the Git Credential Manager for Linux, Mac, or Windows will simplify sign-in for performing Git operations.
- You have a Git client installed on your development machine (if not, download Git and then install).
Git Credential Manager
The Git Credential Manager (GCM) stores and retrieves credentials to and from a secure container for accessing Git resources on Team Services. After successfully signing in, credentials are cached in this way so that you are not repeatedly prompted for credentials during Git operations.
Installing the Git Credential Manager
See the Git Credential Manager download page for instructions on downloading and installing.
How Does it Work?
Once configured with Git, if Git needs credentials for reading from or writing to a Git remote,
it sends a request to the program(s) configured as
credential.helper, as described in gitcredentials.
If none of the credential helpers have valid credentials,
Git will prompt for a username and password and then ask the credential helper(s) to save the values for later retrieval.
This prevents you from having to re-enter credentials for each remote Git operation.
The GCM is a Git
credential helper that assists with multi-factor authentication.
Compared to Git's built-in credential storage (such as wincred for Windows),
which provides single-factor authentication support for any HTTP-enabled Git repository,
the GCM provides multi-factor authentication support for Team Services and GitHub (GitHub supported on Windows; Mac and Linux support coming soon).
Secondary factors of authentication are configured
per-account and include phone calls, SMS, or mobile app notifications.
On Windows, the GCM securely stores credentials after encrypting them with Windows Data Protection.
On Mac OS X the GCM securely stores credentials in the Keychain.
On Linux, the GCM stores credentials in the GNOME Keyring. If you used an older version of the GCM that stored credentials in the
its contents will be imported into secure storage on first run and then the file will be renamed to
insecureStore.xml.old. Once you are satisfied you
will no longer need to downgrade the GCM, you can delete
insecureStore.xml.old, which is located in the
git-credential-manager sub-folder under your HOME folder.
If you are connecting to a Git repository hosted in a Visual Studio Team Services (VSTS) account,
the GCM will attempt to open an internal web browser window so you can authenticate and authorize access to your account (via OAuth 2.0).
If a web browser cannot be opened (this usually happens because the system doesn't have the required components),
instructions will be provided to use any external web browser (via OAuth 2.0 Device Flow) so you can authenticate and authorize access to your account.
In either case, the credential manager will then use the access token to create a VSTS Personal Access Token (PAT) scoped for
effectively granting Git permission to read and write to your Git repositories hosted in VSTS.
If you are connecting to Git repositories hosted elsewhere, the GCM works a lot like git-credential-store and will store and retrieve your username and password.
Frequently Asked Questions (FAQ)
Q: Where can I find the source code for Git Credential Manager?