Check out our end-to-end Java DevOps demo video on YouTube!

ON THIS PAGE we will show you how the Git Credential Manager for Linux, Mac, or Windows will simplify sign-in for performing Git operations.

ASSUMPTIONS

  • You have a Git client installed on your development machine (if not, download Git and then install).

Git Credential Manager

The Git Credential Manager (GCM) stores and retrieves credentials to and from a secure container for accessing Git resources on Team Services. After successfully signing in, credentials are cached in this way so that you are not repeatedly prompted for credentials during Git operations.

Installing the Git Credential Manager

See the Git Credential Manager download page for instructions on downloading and installing.

How Does it Work?

Once configured with Git, if Git needs credentials for reading from or writing to a Git remote, it sends a request to the program(s) configured as credential.helper, as described in gitcredentials. If none of the credential helpers have valid credentials, Git will prompt for a username and password and then ask the credential helper(s) to save the values for later retrieval. This prevents you from having to re-enter credentials for each remote Git operation.

The GCM is a Git credential helper that assists with multi-factor authentication. Compared to Git's built-in credential storage (such as wincred for Windows), which provides single-factor authentication support for any HTTP-enabled Git repository, the GCM provides multi-factor authentication support for Team Services and GitHub (GitHub supported on Windows; Mac and Linux support coming soon). Secondary factors of authentication are configured per-account and include phone calls, SMS, or mobile app notifications.

On Windows, the GCM securely stores credentials after encrypting them with Windows Data Protection.

On Mac OS X the GCM securely stores credentials in the Keychain.

On Linux, the GCM stores credentials in the GNOME Keyring. If you used an older version of the GCM that stored credentials in the insecureStore.xml file, its contents will be imported into secure storage on first run and then the file will be renamed to insecureStore.xml.old. Once you are satisfied you will no longer need to downgrade the GCM, you can delete insecureStore.xml.old, which is located in the git-credential-manager sub-folder under your HOME folder.

If you are connecting to a Git repository hosted in a Visual Studio Team Services (VSTS) account, the GCM will attempt to open an internal web browser window so you can authenticate and authorize access to your account (via OAuth 2.0). If a web browser cannot be opened (this usually happens because the system doesn't have the required components), instructions will be provided to use any external web browser (via OAuth 2.0 Device Flow) so you can authenticate and authorize access to your account. In either case, the credential manager will then use the access token to create a VSTS Personal Access Token (PAT) scoped for vso.code_write, effectively granting Git permission to read and write to your Git repositories hosted in VSTS.

If you are connecting to Git repositories hosted elsewhere, the GCM works a lot like git-credential-store and will store and retrieve your username and password.

Frequently Asked Questions (FAQ)

Q: Where can I find the source code for Git Credential Manager?

A: The code is open source on GitHub for Mac and Linux, as well as Windows. We welcome feedback and contributions!