From: Ted Zlatanov <tzz@lifelogs.com>
To: git@vger.kernel.org
Subject: Re: encrypted netrc for Git
Date: Fri, 15 Jul 2011 12:08:49 -0500 [thread overview]
Message-ID: <8762n379pa.fsf@lifelogs.com> (raw)
In-Reply-To: 20110714150033.GA6797@sigill.intra.peff.net
On Thu, 14 Jul 2011 11:00:33 -0400 Jeff King <peff@peff.net> wrote:
JK> On Thu, Jul 14, 2011 at 09:05:50AM -0500, Ted Zlatanov wrote:
TZ> This would also be really nice. ~/.netrc is not a great place to put
TZ> passwords for the HTTP transport. In GNU Emacs we have ~/.authinfo.gpg
TZ> with the same content as ~/.netrc but encrypted by GPG and thus more
TZ> secure (the user is either prompted for the password, if the file is
TZ> encrypted symmetrically, or the user simply loads their private key into
TZ> the GPG agent). I believe all this can be done with the GPGME library.
TZ> There's also the Secrets API on newer Gnome and KDE installs, which has
TZ> a pretty nice D-Bus interface.
JK> Check out:
JK> https://github.com/peff/git/commits/jk/http-auth
JK> which provides an interface for getting credentials from external
JK> helpers.
The API is good, but it's not clear from the docs how to configure
credential helpers from the user side. From the tests it looks like you
set GIT_ASKPASS to them, is that right? And you can also set
credential.helper?
Where do those helpers fit with the .netrc file? Are they called before
or after or instead of the .netrc parse?
Linking these with external libraries like GPGME and the Secrets API
will be pretty easy and improve the user experience. So I'll be glad to
work on it and provide you with feedback. Would you be interested in
pushing your patches further after the testing? They seem pretty
complete.
I'm off-line for the next 10 days or so; I'll start testing when I get
back.
Thanks for your help
Ted
next prev parent reply other threads:[~2011-07-15 17:09 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-01 13:59 [Wishlist] could git tell which password it is asking when asking a password Rémi Vanicat
2011-07-01 17:00 ` Junio C Hamano
2011-07-01 17:16 ` Junio C Hamano
2011-07-01 17:18 ` Shawn Pearce
2011-07-01 17:50 ` Junio C Hamano
2011-07-01 19:25 ` Rémi Vanicat
2011-07-01 20:01 ` Ted Zlatanov
2011-07-01 20:30 ` Junio C Hamano
2011-07-01 20:48 ` Jeff King
2011-07-01 20:46 ` Jeff King
2011-07-01 17:04 ` Ted Zlatanov
2011-07-14 14:05 ` encrypted netrc for Git (was: [Wishlist] could git tell which password it is asking when asking a password.) Ted Zlatanov
2011-07-14 15:00 ` Jeff King
2011-07-15 17:08 ` Ted Zlatanov [this message]
2011-07-15 21:05 ` encrypted netrc for Git Jeff King
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8762n379pa.fsf@lifelogs.com \
--to=tzz@lifelogs.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.