-rw-r--r--  Documentation/RelNotes/2.37.0.txt  |  4
-rw-r--r--  Documentation/config/fetch.txt     | 34
2 files changed, 31 insertions, 7 deletions
diff --git a/Documentation/RelNotes/2.37.0.txt b/Documentation/RelNotes/2.37.0.txt index 8f1ff3a596..39ca3606de 100644 --- a/Documentation/RelNotes/2.37.0.txt +++ b/Documentation/RelNotes/2.37.0.txt @@ -55,7 +55,9 @@ UI, Workflows & Features * Update the doctype written in gitweb output to xhtml5. * The "fetch.credentialsInUrl" configuration variable controls what - happens when a URL with embedded login credential is used. + happens when a URL with embedded login credential is used on either + "fetch" or "push". Credentials are currently only detected in + `remote.<name>.url` config, not `remote.<name>.pushurl`. Performance, Internal Implementation, Development Support etc. diff --git a/Documentation/config/fetch.txt b/Documentation/config/fetch.txt index 0db7fe85bb..827961059f 100644 --- a/Documentation/config/fetch.txt +++ b/Documentation/config/fetch.txt 
@@ -98,12 +98,34 @@ fetch.writeCommitGraph:: `git push -f`, and `git log --graph`. Defaults to false. fetch.credentialsInUrl:: - A URL can contain plaintext credentials in the form - `<protocol>://<user>:<password>@<domain>/<path>`. Using such URLs - is not recommended as it exposes the password in multiple ways, - including Git storing the URL as plaintext in the repository config. - The `fetch.credentialsInUrl` option provides instruction for how Git - should react to seeing such a URL, with these values: + A configured URL can contain plaintext credentials in the form + `<protocol>://<user>:<password>@<domain>/<path>`. You may want + to warn or forbid the use of such configuration (in favor of + using linkgit:git-credential[1]). ++ +Note that this is currently limited to detecting credentials in +`remote.<name>.url` configuration, it won't detect credentials in +`remote.<name>.pushurl` configuration. ++ +You might want to enable this to prevent inadvertent credentials +exposure, e.g. because: ++ +* The OS or system where you're running git may not provide way way or + otherwise allow you to configure the permissions of the + configuration file where the username and/or password are stored. +* Even if it does, having such data stored "at rest" might expose you + in other ways, e.g. a backup process might copy the data to another + system. +* The git programs will pass the full URL to one another as arguments + on the command-line, meaning the credentials will be exposed to oher + users on OS's or systems that allow other users to see the full + process list of other users. On linux the "hidepid" setting + documented in procfs(5) allows for configuring this behavior. ++ +If such concerns don't apply to you then you probably don't need to be +concerned about credentials exposure due to storing that sensitive +data in git's configuration files. 
If you do want to use this, set +`fetch.credentialsInUrl` to one of these values: + * `allow` (default): Git will proceed with its activity without warning. * `warn`: Git will write a warning message to `stderr` when parsing a URL |
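Review bot: In the RelNotes hunk, the new qualifier "Credentials are currently only detected in `remote.<name>.url` config, not `remote.<name>.pushurl`" leaves the reader to infer the practical consequence: a push that goes through a credential-bearing `remote.<name>.pushurl` will not be warned about or forbidden at all, even though the preceding sentence just promised coverage "on either "fetch" or "push"". State that gap directly, e.g. "a push that uses `remote.<name>.pushurl` is not checked", so users relying on the setting to catch stored secrets know which configuration it actually covers. Minor: "embedded login credential" should read "embedded login credentials".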
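Review bot: Two typos in the added bullet text of the fetch.txt hunk: "may not provide way way or otherwise allow you" has a doubled "way", and "exposed to oher users" should be "other users". While touching those lines, "OS's" reads better as "OSes", and the comma splice in "Note that this is currently limited to detecting credentials in `remote.<name>.url` configuration, it won't detect credentials in `remote.<name>.pushurl` configuration." wants a semicolon or a full stop. The closing paragraph "If such concerns don't apply to you then you probably don't need to be concerned about credentials exposure due to storing that sensitive data in git's configuration files." only restates the bullet list; dropping it would keep the `allow`/`warn` value list closer to the option's description, which is what someone scanning for the setting's behaviour is looking for.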
