在哪里存储我的 Git 个人访问令牌? [英] Where to store my Git personal access token?
问题描述
在 GitHub 中生成个人访问令牌后,是否需要将其存储在机器本地的某个位置?
Is it necessary to store the personal access token somewhere locally on the machine after generating it in GitHub?
如果是,是否有任何首选的存储方式?
If yes, is there any preferred way where it could be stored?
推荐答案
密码的一半在于(理想情况下)您记住它们并且系统对它们进行哈希处理,因此它们永远不会以纯文本形式存储在任何地方.
然而 GitHub 的个人访问令牌系统似乎基本上强迫你以纯文本形式存储令牌?
Half the point of passwords is that (ideally) you memorize them and the system hashes them, so therefore they're never stored anywhere in plain text.
Yet GitHub's personal access token system seems to basically force you to store the token in plain text?
首先,一个 PAT (Personal Access Token) 不是一个简单的密码,而是等效的:
First, a PAT (Personal Access Token) is not a simple password, but an equivalent that:
- 您可以多次生成(例如,每台机器生成一个,您需要从中访问 GitHub 存储库)
- 您可以随时撤销(从 GitHub 网络界面),这使得 PAT 过时,即使它在其中一台机器上徘徊.
- you can generate multiple time (for instance, one per machine from which you need to access GitHub repository)
- you can revoke at any time (from the GitHub web interface), which makes that PAT obsolete, even if it lingers around on one of those machines.
这与您的密码不同,后者是您帐户的唯一密码,如果您不也在任何碰巧使用它的地方修改它,就无法轻松更改.
That differs from your password, which is unique to your account, and cannot be easily changed without having to also modify it everywhere you happen to use it.
由于在命令行或 API 上使用 Git 通过 HTTPS 执行 Git 操作时可以使用 PAT 代替密码,因此您可以使用 git 凭证助手 以安全地缓存它.
例如,在 Windows 上,这将使用 Windows 凭据管理器,通过 GCM-Core -- Git 凭据管理器核心 -- 适用于 Windows、Mac 或 Linux:
Since a PAT can be used in place of a password when performing Git operations over HTTPS with Git on the command line or the API, you can use a git credential helper to cache it securely.
On Windows, for instance, that would use the Windows Credential Manager, through the GCM-Core -- Git Credential Manager Core -- for Windows, Mac or Linux:
git config --global credential.helper manager-core
第一次推送到存储库时,弹出窗口会询问您的凭据:用户名和您的 PAT.
下一次,它不会询问并直接重用该 PAT,该 PAT 仍然安全地存储在您的凭据管理器中.
The first time you are pushing to a repo, a popup will ask for your credentials: username and your PAT.
The next time, it won't ask, and reuse directly that PAT, which remains stored securely in your Credential Manager.
类似的想法适用于 Mac 和 OSX 钥匙串 和带有 GNOME Keyring(在 2021 年,它将需要一个 DBus 会话和 libsecret),但在 2021 年, GCM-Core 涵盖了这些用例.
这个想法仍然存在:将 PAT 存储在加密凭证存储中.
A similar idea applies for Mac with the OSX keychain, and Linux with the GNOME Keyring (in 2021, it would need a DBus session and libsecret), but in 2021, GCM-Core covers those use cases.
The idea remains: store the PAT in an encrypted credentials store.
如上所述,更现代的解决方案(2020 年第 4 季度)是 Microsoft Git-Credential-Manager-Core
As mentioned above, the more modern solution (Q4 2020) is Microsoft Git-Credential-Manager-Core
git config --global credential.helper manager-core
你需要安装 git-credential-manager-core,下载它的 最新版本,例如 gcmcore-linux_amd64.2.0.474.41365.deb
You need for that to install git-credential-manager-core, downloading its latest release, like gcmcore-linux_amd64.2.0.474.41365.deb
sudo dpkg -i <path-to-package>
git-credential-manager-core configure
Linux 支持现在 (2021) 没有实现.
尽管在 Linux 上使用 GCM(Git-Credential-Manager-Core),正如 Mekky Mayata 在 git config --global credential.credentialStore.
Linux support is no now (2021) implemented.
Although, with GCM (Git-Credential-Manager-Core) on Linux, as noted by Mekky Mayata in the comments, you need to define a git config --global credential.credentialStore first.
请参阅凭据存储在 Linux 上":
See "Credential stores on Linux":
在 Linux 平台上,有四种用于存储 Git Credential Manager Core (GCM Core) 管理的凭据的选项:
There are four options for storing credentials that Git Credential Manager Core (GCM Core) manages on Linux platforms:
- freedesktop.org Secret Service API
- GPG/
pass兼容文件 - Git 内置的凭据缓存
- 纯文本文件
默认情况下,GCM Core 未配置.
您可以通过设置 GCM_CREDENTIAL_STORE 环境变量或 credential.credentialStore Git 配置设置来选择要使用的凭证存储.
By default, GCM Core comes not configured.
You can select which credential store to use by setting the GCM_CREDENTIAL_STORE environment variable, or the credential.credentialStore Git configuration setting.
正如 agent18 所述">注释,在安装 libsecret-1-0 和 libsecret-1-dev 后使用 git-credential-libsecret 是很好的第一步.
但是,同样,现在应该由 credential-manager-core 包装.
As noted by agent18 in the comments, using git-credential-libsecret after installing libsecret-1-0 and libsecret-1-dev is a good first step.
But, again, that should be now wrapped by credential-manager-core.
这篇关于在哪里存储我的 Git 个人访问令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
