Using Git on Windows, behind an HTTP proxy, without storing proxy password on disk

git http proxy git-config

I'm using Git on Windows, on a corporate network where I'm behind an HTTP proxy with Basic authentication. Outbound SSH doesn't work, so I have to use HTTPS through the proxy.

I'm aware of how to use git config http.proxy to configure the settings as http://[username]:[password]@[proxy]:[port].

However, particularly as this is a shared machine, I'd rather not store my password in my .gitconfig. Additionally, changing my .gitconfig using the git config command leaves my password in my bash history, so even if I remember to clear my .gitconfig at the end of the session, I'll almost certainly forget to clear my history as well.

I've tried setting http.proxy without a password, in the vain hope that I'd get a prompt asking me for my password when I try to push/pull, but I only get a 407 Proxy Authentication Required. All the information I've found online seems to either ignore the issues with having the password saved in plaintext in .gitconfig, or deals with NTLM proxies.

I'm quite happy to type my proxy details every time I need to connect - the best solution I can see at the moment is writing a wrapper script that will prompt for my password and set that as an environment variable when calling git proper. Is this a decent solution, and are there any security implications to setting an environment variable for a single call in a script? Preferably, are there any built-in settings or existing tools that I can use for this?


Solution 1:

since git 2.8.0

git config --global http.proxy http://[user]@proxyhost:port
git config --global credential.helper wincred

Solution 2:

Instead of using git setting, you can also use environment variable (that you can set just for your session), as described in this answer:

set http_proxy=http://username:password@proxydomain:port
set https_proxy=http://username:password@proxydomain:port
set no_proxy=localhost,.my.company

So your wrapper script could, instead of modifying the .gitconfig (and leaving your password in plain text) set environment variables on demand, just for your current session.

As noted by Welgriv, this is unsafe since environmental variables can be accessed by any program in user mode.

These days (2020, 5+ years later), I prefer:

set http_proxy=http://127.0.0.1:3128
set https_proxy=http://127.0.0.1:3128

With 127.0.0.1:3128 being the default URL for a genotrance/px, a small HTTP proxy server, which will automatically authenticate through an NTLM proxy.
No password or even user to set.

Related

slow function call in V8 when using the same key for the functions in different objects
There is no Unicode byte order mark. Cannot switch to Unicode
Artisan, creating tables in database
Error with git rebase ("could not apply...")
How do I use Array#dig and Hash#dig introduced in Ruby 2.3?
Which is greater: $1000^{1000}$ or $1001^{999}$
Are indefinite integrals unique up to the constant of integration?
Can $n^2+4n$ be a perfect square?
Sum of factors of a huge number.
Is $f(x,y) = f(\mathbf{x})$ abuse of notation?
Diagonalized matrix - Is each column an eigenvector?
Non-end points of Cantor ternary set