diff options
| author | Junio C Hamano <gitster@pobox.com> | 2022-06-17 20:33:32 +0300 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2022-06-17 20:33:32 +0300 |
| commit | 7f5a382aa5eb54509a4de4d399d8b35c48d91c65 (patch) | |
| tree | 40eecafad1d0db5fad8be110b8c1d1b671f2b21d /Documentation | |
| parent | d0d96b8280faf7c22c115374732f50972689c0d2 (diff) | |
| parent | 7281c196b1166f1c00df33948c67b0ef81ba63a9 (diff) | |
Merge branch 'ab/credentials-in-url-more'
Rename fetch.credentialsInUrl to transfer.credentialsInUrl as the
single configuration variable should work both in pushing and
fetching.
* ab/credentials-in-url-more:
transfer doc: move fetch.credentialsInUrl to "transfer" config namespace
fetch doc: note "pushurl" caveat about "credentialsInUrl", elaborate
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/RelNotes/2.37.0.txt | 6 | ||||
| -rw-r--r-- | Documentation/config/fetch.txt | 14 | ||||
| -rw-r--r-- | Documentation/config/transfer.txt | 38 |
3 files changed, 42 insertions, 16 deletions
diff --git a/Documentation/RelNotes/2.37.0.txt b/Documentation/RelNotes/2.37.0.txt index e491a4b7ba..bf00ccc437 100644 --- a/Documentation/RelNotes/2.37.0.txt +++ b/Documentation/RelNotes/2.37.0.txt @@ -54,8 +54,10 @@ UI, Workflows & Features * Update the doctype written in gitweb output to xhtml5. - * The "fetch.credentialsInUrl" configuration variable controls what - happens when a URL with embedded login credential is used. + * The "transfer.credentialsInUrl" configuration variable controls what + happens when a URL with embedded login credential is used on either + "fetch" or "push". Credentials are currently only detected in + `remote.<name>.url` config, not `remote.<name>.pushurl`. * "git revert" learns "--reference" option to use more human-readable reference to the commit it reverts in the message template it diff --git a/Documentation/config/fetch.txt b/Documentation/config/fetch.txt index 0db7fe85bb..cd65d236b4 100644 --- a/Documentation/config/fetch.txt +++ b/Documentation/config/fetch.txt @@ -96,17 +96,3 @@ fetch.writeCommitGraph:: merge and the write may take longer. Having an updated commit-graph file helps performance of many Git commands, including `git merge-base`, `git push -f`, and `git log --graph`. Defaults to false. - -fetch.credentialsInUrl:: - A URL can contain plaintext credentials in the form - `<protocol>://<user>:<password>@<domain>/<path>`. Using such URLs - is not recommended as it exposes the password in multiple ways, - including Git storing the URL as plaintext in the repository config. - The `fetch.credentialsInUrl` option provides instruction for how Git - should react to seeing such a URL, with these values: -+ -* `allow` (default): Git will proceed with its activity without warning. -* `warn`: Git will write a warning message to `stderr` when parsing a URL - with a plaintext credential. -* `die`: Git will write a failure message to `stderr` when parsing a URL - with a plaintext credential. diff --git a/Documentation/config/transfer.txt b/Documentation/config/transfer.txt index b49429eb4d..b4475c0690 100644 --- a/Documentation/config/transfer.txt +++ b/Documentation/config/transfer.txt @@ -1,3 +1,41 @@ +transfer.credentialsInUrl:: + A configured URL can contain plaintext credentials in the form + `<protocol>://<user>:<password>@<domain>/<path>`. You may want + to warn or forbid the use of such configuration (in favor of + using linkgit:git-credential[1]). This will be used on + linkgit:git-clone[1], linkgit:git-fetch[1], linkgit:git-push[1], + and any other direct use of the configured URL. ++ +Note that this is currently limited to detecting credentials in +`remote.<name>.url` configuration, it won't detect credentials in +`remote.<name>.pushurl` configuration. ++ +You might want to enable this to prevent inadvertent credentials +exposure, e.g. because: ++ +* The OS or system where you're running git may not provide way way or + otherwise allow you to configure the permissions of the + configuration file where the username and/or password are stored. +* Even if it does, having such data stored "at rest" might expose you + in other ways, e.g. a backup process might copy the data to another + system. +* The git programs will pass the full URL to one another as arguments + on the command-line, meaning the credentials will be exposed to oher + users on OS's or systems that allow other users to see the full + process list of other users. On linux the "hidepid" setting + documented in procfs(5) allows for configuring this behavior. ++ +If such concerns don't apply to you then you probably don't need to be +concerned about credentials exposure due to storing that sensitive +data in git's configuration files. If you do want to use this, set +`transfer.credentialsInUrl` to one of these values: ++ +* `allow` (default): Git will proceed with its activity without warning. +* `warn`: Git will write a warning message to `stderr` when parsing a URL + with a plaintext credential. +* `die`: Git will write a failure message to `stderr` when parsing a URL + with a plaintext credential. + transfer.fsckObjects:: When `fetch.fsckObjects` or `receive.fsckObjects` are not set, the value of this variable is used instead. |