Git - How to use .netrc file on Windows to save user and password
You can also install Git Credential Manager for Windows to save Git passwords in Windows credentials manager instead of _netrc
. This is a more secure way to store passwords.
Is it possible to use a
.netrc
file on Windows?
Yes: You must:
- define environment variable
%HOME%
(pre-Git 2.0, no longer needed with Git 2.0+) - put a
_netrc
file in%HOME%
If you are using Windows 7/10, in a CMD
session, type:
setx HOME %USERPROFILE%
and the %HOME%
will be set to 'C:\Users\"username"
'.
Go that that folder (cd %HOME%
) and make a file called '_netrc
'
Note: Again, for Windows, you need a '_netrc
' file, not a '.netrc
' file.
Its content is quite standard (Replace the <examples>
with your values):
machine <hostname1>
login <login1>
password <password1>
machine <hostname2>
login <login2>
password <password2>
Luke mentions in the comments:
Using the latest version of msysgit on Windows 7, I did not need to set the
HOME
environment variable. The_netrc
file alone did the trick.
This is indeed what I mentioned in "Trying to “install
” github, .ssh
dir not there":git-cmd.bat
included in msysgit does set the %HOME%
environment variable:
@if not exist "%HOME%" @set HOME=%HOMEDRIVE%%HOMEPATH%
@if not exist "%HOME%" @set HOME=%USERPROFILE%
爱国者 believes in the comments that "it seems that it won't work for http protocol"
However, I answered that netrc
is used by curl
, and works for HTTP protocol, as shown in this example (look for 'netrc
' in the page): . Also used with HTTP protocol here: "_netrc
/.netrc
alternative to cURL
".
A common trap with with netrc
support on Windows is that git will bypass using it if an origin https url specifies a user name.
For example, if your .git/config
file contains:
[remote "origin"] fetch = +refs/heads/*:refs/remotes/origin/* url = https://[email protected]/p/my-project/
Git will not resolve your credentials via _netrc
, to fix this remove your username, like so:
[remote "origin"] fetch = +refs/heads/*:refs/remotes/origin/* url = https://code.google.com/p/my-project/
Alternative solution: With git version 1.7.9+ (January 2012): This answer from Mark Longair details the credential cache mechanism which also allows you to not store your password in plain text as shown below.
With Git 1.8.3 (April 2013):
You now can use an encrypted .netrc (with gpg
).
On Windows: %HOME%/_netrc
(_
, not '.
')
A new read-only credential helper (in
contrib/
) to interact with the.netrc/.authinfo
files has been added.
That script would allow you to use gpg-encrypted netrc files, avoiding the issue of having your credentials stored in a plain text file.
Files with the
.gpg
extension will be decrypted by GPG before parsing.
Multiple-f
arguments are OK. They are processed in order, and the first matching entry found is returned via the credential helper protocol.When no
-f
option is given,.authinfo.gpg
,.netrc.gpg
,.authinfo
, and.netrc
files in your home directory are used in this order.
To enable this credential helper:
git config credential.helper '$shortname -f AUTHFILE1 -f AUTHFILE2'
(Note that Git will prepend "
git-credential-
" to the helper name and look for it in the path.)
# and if you want lots of debugging info:
git config credential.helper '$shortname -f AUTHFILE -d'
#or to see the files opened and data found:
git config credential.helper '$shortname -f AUTHFILE -v'
See a full example at "Is there a way to skip password typing when using https:// github
"
With Git 2.18+ (June 2018), you now can customize the GPG program used to decrypt the encrypted .netrc
file.
See commit 786ef50, commit f07eeed (12 May 2018) by Luis Marsano (``).
(Merged by Junio C Hamano -- gitster
-- in commit 017b7c5, 30 May 2018)
git-credential-netrc
: acceptgpg
option
git-credential-netrc
was hardcoded to decrypt with 'gpg
' regardless of the gpg.program option.
This is a problem on distributions like Debian that call modern GnuPG something else, like 'gpg2
'
This will let Git authenticate on HTTPS using .netrc
:
- The file should be named
_netrc
and located inc:\Users\<username>
. - You will need to set an environment variable called
HOME=%USERPROFILE%
(set system-wide environment variables using the System option in the control panel. Depending on the version of Windows, you may need to select "Advanced Options".). - The password stored in the
_netrc
file cannot contain spaces (quoting the password will not work).