I am using password managers since a long time to maintain secure and individual password for different online services. One thing that always bothered me was the missing integration of these password managers with different applications. I started my journey with password managers using KeePassX but recently switched to pass (the standard unix password manager) due to the inherent command line nature and therefore much better integration and remote usage possibilities. Still, there was no easy way to integrate pass with Git (for those repositories where SSH key authentication is not possible) and until recently I still used kwallet as the backend for Git, with all the hassles of duplicated data. To improve on this situation I finally took some time and implemented an adapter between Git and pass: pass-git-helper.
pass-git-helper is a Python script which implements the Git credential API to act as a credential helper.
Since Git requests credentials using the host name and the pass database is usually not organized this way, some kind of adjustment of these concepts is required.
My basic design decision with respect to this issue was that I did not want to artificially structure my password database just to match the Git host concept.
Therefore I opted for a mapping-based solution.
In order to use pass-git-helper you need to specify how hosts are mapped to entries in your password store using a file, usually called ~/.git-pass-mapping
, which might look like this:
[github.com]
target=dev/github
[*.fooo-bar.*]
target=dev/fooo-bar
Additionally, the helper needs to be configured inside Git, e.g. using:
git config credential.helper '!pass-git-helper $@'
As usual for pass, the first line of a password store entry is assumed to contain the password and the second line is interpreted as the user name, if present.
Git credential helper can also offer abilities to update saved credentials or store completely new ones. This is currently not supported, but I’d be happy to integrate such a feature if desired.
pass-git-helper is available on GitHub and licensed as LGPLv3+. I’d be glad to receive some feedback and hope this little helper is useful for someone.