Git - How to use .netrc file on Windows to save user and password
Is it possible to use a
.netrc
file on Windows?
Yes: You must:
- define environment variable
%HOME%
(pre-Git 2.0, no longer needed with Git 2.0+) - put a
_netrc
file in%HOME%
If you are using Windows 7/10, in a CMD
session, type:
setx HOME %USERPROFILE%
and the %HOME%
will be set to 'C:\Users\"username"
'.
Go that that folder (cd %HOME%
) and make a file called '_netrc
'
Note: Again, for Windows, you need a '_netrc
' file, not a '.netrc
' file.
Its content is quite standard (Replace the <examples>
with your values):
machine <hostname1>
login <login1>
password <password1>
machine <hostname2>
login <login2>
password <password2>
Luke mentions in the comments:
Using the latest version of msysgit on Windows 7, I did not need to set the
HOME
environment variable. The_netrc
file alone did the trick.
This is indeed what I mentioned in "Trying to “install
” github, .ssh
dir not there":git-cmd.bat
included in msysgit does set the %HOME%
environment variable:
@if not exist "%HOME%" @set HOME=%HOMEDRIVE%%HOMEPATH%
@if not exist "%HOME%" @set HOME=%USERPROFILE%
爱国者 believes in the comments that "it seems that it won't work for http protocol"
However, I answered that netrc
is used by curl
, and works for HTTP protocol, as shown in this example (look for 'netrc
' in the page): . Also used with HTTP protocol here: "_netrc
/.netrc
alternative to cURL
".
A common trap with with netrc
support on Windows is that git will bypass using it if an origin https url specifies a user name.
For example, if your .git/config
file contains:
[remote "origin"] fetch = +refs/heads/*:refs/remotes/origin/* url = https://[email protected]/p/my-project/
Git will not resolve your credentials via _netrc
, to fix this remove your username, like so:
[remote "origin"] fetch = +refs/heads/*:refs/remotes/origin/* url = https://code.google.com/p/my-project/
Alternative solution: With git version 1.7.9+ (January 2012): This answer from Mark Longair details the credential cache mechanism which also allows you to not store your password in plain text as shown below.
With Git 1.8.3 (April 2013):
You now can use an encrypted .netrc (with gpg
).
On Windows: %HOME%/_netrc
(_
, not '.
')
A new read-only credential helper (in
contrib/
) to interact with the.netrc/.authinfo
files has been added.
That script would allow you to use gpg-encrypted netrc files, avoiding the issue of having your credentials stored in a plain text file.
Files with the
.gpg
extension will be decrypted by GPG before parsing.
Multiple-f
arguments are OK. They are processed in order, and the first matching entry found is returned via the credential helper protocol.When no
-f
option is given,.authinfo.gpg
,.netrc.gpg
,.authinfo
, and.netrc
files in your home directory are used in this order.
To enable this credential helper:
git config credential.helper '$shortname -f AUTHFILE1 -f AUTHFILE2'
(Note that Git will prepend "
git-credential-
" to the helper name and look for it in the path.)
# and if you want lots of debugging info:
git config credential.helper '$shortname -f AUTHFILE -d'
#or to see the files opened and data found:
git config credential.helper '$shortname -f AUTHFILE -v'
See a full example at "Is there a way to skip password typing when using https:// github
"
With Git 2.18+ (June 2018), you now can customize the GPG program used to decrypt the encrypted .netrc
file.
See commit 786ef50, commit f07eeed (12 May 2018) by Luis Marsano (``).
(Merged by Junio C Hamano -- gitster
-- in commit 017b7c5, 30 May 2018)
git-credential-netrc
: acceptgpg
option
git-credential-netrc
was hardcoded to decrypt with 'gpg
' regardless of the gpg.program option.
This is a problem on distributions like Debian that call modern GnuPG something else, like 'gpg2
'
You can also install Git Credential Manager for Windows to save Git passwords in Windows credentials manager instead of _netrc
. This is a more secure way to store passwords.
This will let Git authenticate on HTTPS using .netrc
:
- The file should be named
_netrc
and located inc:\Users\<username>
. - You will need to set an environment variable called
HOME=%USERPROFILE%
(set system-wide environment variables using the System option in the control panel. Depending on the version of Windows, you may need to select "Advanced Options".). - The password stored in the
_netrc
file cannot contain spaces (quoting the password will not work).