GPG + HTTP Git

December 11, 2014

Along with a few other protocols like SSH, Git can communicate with a remote over HTTP. Git’s HTTP transport uses basic authentication to identify a user, which is nice because it allows credentials to be consolidated with other tools like Curl.

Git actually uses libcurl to support its HTTP implementation which means that like Curl, it supports credentials stored in .netrc out of the box, although this seems almost somewhat accidental. Modern practice suggests the use of credential helpers to help procure credentials. Luckily, someone has taken the time to write a good credential helper for .netrc that will automatically prefer .netrc.gpg if one is available. Simply install it somewhere in your $PATH and make it executable:

$ curl https://raw.githubusercontent.com/git/git/master/contrib/credential/netrc/git-credential-netrc > ~/bin/git-credential-netrc

$ chmod +x ~/bin/git-credential-netrc

Now you need to tell Git to use this credential helper. Add this section to ~/.gitconfig:

[credential]
    helper = netrc

That’s it! Git will now read host out of your ~/.netrc.gpg when attempting to authenticate with a remote server over HTTP.

GPG + HTTP Git was published on December 11, 2014.

Find me on Twitter at @brandur.

Did I make a mistake? Please consider sending a pull request.