How is git credential manager secure if it displays token
What you've noticed is that if you invoke git credential fill in the same way as Git does, then it will output the credentials that Git uses to authenticate you. This is useful because Git needs some way to get them out, and it's also possible for you to use a token by extracting it in this way to make API calls if you need to.
The reason this is secure is because if you've properly configured an appropriate credential manager, the data is stored in an encrypted format, and it's only unlocked either when you log in or when you otherwise unlock it. How that works on Windows depends on how you have Git Credential Manager Core configured, but the libsecret helper I use on Linux stores the data encrypted in my system keychain, which is unlocked when I log in, and is not available when I'm not logged in.
Note that in many cases, you can extract similar data using other APIs that the credential store uses, such as (on Linux) secret-tool or the like, so the fact that you can print it to the terminal using git credential fill is no different than your ability to use any other API to print it to the terminal or view it using the typical viewer you use on your system.
Updated on June 04, 2022
Comments
- Asif Kamran Malick almost 2 years
I have credential.helper=manager-core, which is the new helper for Windows Credential Manager. I don't understand how it is secure if you can get git to display your credentials with git credential fill.
Steps to reproduce
- Confirm the credential helper by executing the command git config --system --list. If you are running Git for Windows 2.29 or later, then you should be able to see credential.helper=manager-core in the list. For earlier versions the credential.helper is set to manager and not manager-core. I'm running the latest Git for Windows 2.29.2, so for me it returns manager-core.
- Next, if your credentials have been stored by the helper, then the below command should return the credentials on stdout:
git credential fill
protocol=https
host=github.com
<HIT ENTER KEY TWICE, as a blank line signals input completion>
- The credentials should now display on your console. It is able to display the password/token based on whatever you initially configured your git with. In my case I had authenticated with a GitHub personal access token and it displayed that PAT.
- Asif Kamran Malick about 3 years
Thanks for your response. "The reason this is secure is because if you've properly configured an appropriate credential manager, the data is stored in an encrypted format": On this note I would like to point out that I see one more option, i.e. credential.https://dev.azure.com.usehttppath=true. Is this the configuration that you are referring to in your statement?
- Asif Kamran Malick about 3 years
Will external scripts or packages/modules (like npm's) be able to read this credential which the credential manager is storing? What if some malicious npm module tries to get my credentials, say by just running git credential fill? As per the official docs, git exposes this to scripts. And this again brings me back to my original concern of the credential storage mechanism being secure in the first place. Maybe I am missing something. But I would like to learn.
- bk2204 about 3 years
The usehttppath option just requires specification of a path in the input. The behavior is otherwise the same. And yes, other malicious programs running on your account could read it, but they could do that with or without this functionality. A malicious program running as your user can already access all your information.
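As an added example (not code from Git, Git Credential Manager, or anyone in this thread), the following Python model covers two things discussed above: the git credential fill exchange reproduced in the question's steps, and the usehttppath point in the last comment. It models the key=value / blank-line framing that git credential fill reads on stdin and writes on stdout, a helper's "get" lookup, and what credential.useHttpPath changes in the request git builds. The stored entries, host paths and tokens are constructed placeholders; the matching rule is modelled on git-credential-store's behaviour as I understand it (a field present in the request must equal the stored one, fields absent from the request are not compared); nothing here touches a real credential store.

```python
"""Illustrative model of the `git credential` line protocol and helper matching.

Added example, not code from Git or Git Credential Manager. It models the
key=value framing that `git credential fill` reads on stdin and writes to
stdout, how a helper picks a stored entry, and what credential.useHttpPath
changes. Every stored credential below is a constructed placeholder.
"""
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Constructed store: two organisations share the dev.azure.com host (the
# situation the usehttppath setting exists for), plus one GitHub entry.
STORED_CREDENTIALS: List[Dict[str, str]] = [
    {"protocol": "https", "host": "dev.azure.com", "path": "org-a/project",
     "username": "alice", "password": "PLACEHOLDER_PAT_ORG_A"},
    {"protocol": "https", "host": "dev.azure.com", "path": "org-b/project",
     "username": "alice", "password": "PLACEHOLDER_PAT_ORG_B"},
    {"protocol": "https", "host": "github.com",
     "username": "alice", "password": "PLACEHOLDER_GITHUB_PAT"},
]

# Fields a helper compares when looking for a stored entry.
MATCH_FIELDS = ("protocol", "host", "path", "username")


def parse_credential_message(text: str) -> Dict[str, str]:
    """Parse key=value lines; a blank line (the 'ENTER twice' in the question) ends the message."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if line == "":
            break
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed credential line: {line!r}")
        fields[key] = value
    return fields


def serialize_credential_message(fields: Dict[str, str]) -> str:
    """Write the same framing git uses on stdout: key=value per line, blank terminator."""
    return "".join(f"{key}={value}\n" for key, value in fields.items()) + "\n"


def request_for_url(url: str, use_http_path: bool = False) -> Dict[str, str]:
    """Model of the request git builds for a remote URL before calling helpers.

    By default git drops the URL path, so helpers see only protocol and host;
    with credential.useHttpPath=true the path is kept in the request.
    """
    parts = urlsplit(url)
    request = {"protocol": parts.scheme, "host": parts.hostname or ""}
    path = parts.path.strip("/")
    if use_http_path and path:
        request["path"] = path
    return request


def helper_get(request: Dict[str, str],
               store: List[Dict[str, str]] = STORED_CREDENTIALS) -> Optional[Dict[str, str]]:
    """Model of a helper's `get` action (rule modelled on git-credential-store).

    Every field present in the request must equal the stored value; fields
    absent from the request are not compared, so a request without a path
    matches the first entry for that host whatever its path.
    """
    for entry in store:
        if all(entry.get(key) == value
               for key, value in request.items() if key in MATCH_FIELDS):
            return entry
    return None


def credential_fill(stdin_text: str,
                    store: List[Dict[str, str]] = STORED_CREDENTIALS) -> str:
    """Model of `git credential fill`: echo the request with username/password added.

    Returns an empty string when no entry matches (real git would prompt instead).
    """
    request = parse_credential_message(stdin_text)
    entry = helper_get(request, store)
    if entry is None:
        return ""
    response = dict(request)
    response["username"] = entry["username"]
    response["password"] = entry["password"]
    return serialize_credential_message(response)


if __name__ == "__main__":
    # The exact input from the question's second step.
    print(credential_fill("protocol=https\nhost=github.com\n\n"), end="")
    # Without useHttpPath both organisations collapse to one request and the
    # first entry for the host wins; with it the path tells them apart.
    url = "https://dev.azure.com/org-b/project"
    print(helper_get(request_for_url(url))["password"])
    print(helper_get(request_for_url(url, use_http_path=True))["password"])
```

The model makes the two points of the thread concrete: fill returns whatever the helper matched for the fields it was given, so anything able to run git as your user gets the same answer you do at the terminal, and on a host that serves several tenants the path is the only field that keeps one organisation's token from being handed out for another, which is why the per-URL usehttppath setting is worth keeping.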