用Git存储密码有多安全? [英] How secure is storing password with Git?
问题描述
我在工作场所使用Git,公司政策不允许我以不安全的方式存储密码。有没有比使用 git config credential.helper store 来存储Git服务器密码更好的选择?
无法使用密钥认证,因为它不允许在我们的服务器上使用。 git config凭证。助手商店不是很安全;正如它在文档中所说:
使用这个帮助程序可以将您的密码保存在磁盘上,
只能通过文件系统权限保护
〜/。 git-credentials文件的文件系统权限设置为阻止系统中的其他用户读取它,但不会被加密或以其他方式保护。
所以它按原样存储你的密码。 Git允许为OSX使用您的钥匙串 git config --global credential.helper osxkeychain ,所以它似乎更安全。对于Linux系统,您可以使用 git config credential.helper cache ,它将密码存储在您的内存中。或者您可以像
您可以编写自己的自定义帮助程序来与您保留凭据的
中的任何系统进行交互。请参阅Git的
凭证API 详情
另外,@VonC指向跨平台的基于GPG的解决方案。另请参阅此问题 about .netrc文件。
还有 gnome-keyring helper (感谢@jazakmeister的建议)
I use the Git on my workplace and company policy doesn't allow me to store passwords in unsecure way. Is there any better option than using git config credential.helper store for storing password to the Git server?
P.S. Can't use key-authentication as it's not allowed on our server.
git config credential.helper store is not very secure; as it said in documentation:
Using this helper will store your passwords unencrypted on disk, protected only by filesystem permissions
The ~/.git-credentials file will have its filesystem permissions set to prevent other users on the system from reading it, but will not be encrypted or otherwise protected.
So it stores your password as is. Git allows to use your keychain git config --global credential.helper osxkeychain for OSX, so it seems to be more secure. For Linux system you may use git config credential.helper cache, which stores passwords in your memory. Or you can write your own as it said in git help credentials:
You can write your own custom helpers to interface with any system in which you keep credentials. See the documentation for Git's credentials API for details
Besides, @VonC pointed to the cross-platform GPG-based solution. See also this question about .netrc file.
There is also gnome-keyring helper for Linux (thanks to @jazakmeister for advice)
这篇关于用Git存储密码有多安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
