Oracle Cloud Infrastructure Documentation

Configuring Git Credential Manager

Use a Git Credential Manager (GCM) to securely store and reuse Oracle Cloud Infrastructure authentication tokens for Git operations with DevOps code repositories.

When you access an OCI DevOps code repository over HTTPS, you must provide authentication for every Git operation. We recommend using authentication tokens for enhanced security.

To further streamline access, you can use a GCM to store the credentials securely on the local system. Alternatively, you can configure SSH keys for Git authentication instead of using an auth token over HTTPS.

This section describes how to securely store and manage credentials for Git operations with Oracle Cloud Infrastructure (OCI) DevOps code repositories.

Prerequisites

  • Grant users permission to access DevOps code repositories and related resources by creating IAM policies. For more information, see Code Repository Policies and DevOps IAM Policies.
  • Create an authentication token for each user who uses Git with OCI DevOps code repositories.
  • Create a code repository that's associated with a DevOps project.
  • Install Git version 2.11 or later on your system.

  • Configure Git username and email address. Git uses these values to identify commits.

    git config --global user.name "Your Name"
git config --global user.email "you@example.com"

Configuring Git Credential Manager

You can use the GCM included with the OS to store the OCI authentication token. Use the instructions for the OS.

After the credential manager stores the auth token, it reuses the auth token automatically for Git operations over HTTPS. You're prompted again only if you change the auth token or remove the stored credential.

Configuring GCM for Windows

Use the Git Credential Manager that's included with Git for Windows to store the OCI authentication token.

  1. Install Git for Windows. The Git Credential Manager is included by default.
  2. Open a command prompt.
  3. Set GCM as the default helper: git config --global credential.helper manager-core
  4. Clone the repository using HTTPS: git clone https://<oci_user>@<region>.devops.oci.oraclecloud.com/namespaces/<tenancy>/projects/<project>/repositories/<repo>.git
  5. When prompted for a password, paste the OCI authentication token.

Configuring GCM for macOS

Use the macOS Keychain helper to store the OCI authentication token for Git operations over HTTPS.

  1. Install Git for macOS.
  2. Set the macOS Keychain helper as the default credential manager: git config --global credential.helper osxkeychain
  3. Clone the repository using HTTPS: git clone https://<oci_user>@<region>.devops.oci.oraclecloud.com/namespaces/<tenancy>/projects/<project>/repositories/<repo>.git
  4. When prompted for a password, paste the OCI authentication token.

Configuring GCM for Linux

Install Git Credential Manager Core and configure it as the default helper for Git.

  1. Install Git by using the package manager.
  2. Install Git Credential Manager Core by following the instructions at Git Credential Manager Core.
  3. Set GCM as the default helper: git config --global credential.helper manager-core

    The credential helper value is manager-core.

  4. Clone the repository using HTTPS: git clone https://<oci_user>@<region>.devops.oci.oraclecloud.com/namespaces/<tenancy>/projects/<project>/repositories/<repo>.git
  5. When prompted for a password, paste the OCI authentication token.

Verifying credential helper configuration

Run the following command to verify the credential helper configuration:

git config --global credential.helper

The output must display the credential manager for your operating system.

After the credential manager stores the auth token, it reuses the auth token automatically for Git operations over HTTPS. You are prompted again only if you change the auth token or remove the stored credential.

Updating or removing stored credentials

  • On Windows, use Credential Manager to edit or remove saved items.
  • On macOS, use Keychain Access.
  • On Linux, use the credential manager documentation to manage entries.

To clear credentials from the command line, run:

git credential-manager erase

Configuring a proxy for Git

If the network requires a proxy for outbound HTTPS traffic, configure proxy settings in Git:

git config --global http.proxy http://proxy:port
git config --global https.proxy http://proxy:port

To remove proxy settings, run:

git config --global --unset http.proxy
git config --global --unset https.proxy

Configuring a proxy for Git is optional.

Security guidance

  • Rotate auth tokens periodically and update stored credentials after rotation.
  • Store auth tokens securely and don't share them.

Troubleshooting

  • If you receive authentication errors, verify that the credential manager is configured correctly and that the authentication token is valid.
  • If you changed or revoked a token, update the stored credential or remove it before retrying.
  • If you receive an authentication failed error, generate a new auth token and retry the Git operation.
  • If you receive a repository not found error, verify the repository URL and confirm that the required IAM policies are defined.
  • If you receive a 403 Forbidden error, verify that you have the required permissions to access the repository.

  • To reset the credential helper configuration, run:

    git config --global --unset credential.helper

  • To remove stored credentials, run:

    git credential-manager erase

  • To collect diagnostic information, run:

    git credential-manager diagnose