Sunday Quicky #6: Essential Initial Git Settings on Linux When 2FA is Set Up on Github

So you’re set up on Github, and being the privacy conscious person you are you have Two Factor Authentication turned on. You’ve added a personal access token so that you can push from repos from a machine. Now you have a new install of Git on some flavour of Linux and you want to configure Git on the command line to be as frictionless as possible while you’re using it, while still remaining secure. What you really need for this is to set up credential caching so that you won’t need to enter your password every time you run git push. Let’s explore this and some other initial configuration steps that will make use of Git that much easier.

Assumptions

I’m assuming you already have a Github account (daw). I’m assuming you have 2FA set up. I’m assuming you have set up a personal access token in the developer settings on Github. Finally, I’m assuming you have access to that personal access token so that you can use it.

Initial Common Config Settings

The most common settings to change first are setting your Github name and email from git config:

$ git config --global user.name "Bilbo Baggins"
$ git config --global user.email bilbo@theshire.net

Next, I like to set the default text editor. For me that’s Vim, oh and I’m also a spaces guy…

$ git config --global core.editor vim

That’s pretty much all that I like to change in a new environment. Fear not though, there are a plethora of other configuration options for you to play around with, a lot of which (including the above) are explained in detail over in the Git Configuration page of the Pro Git book.

Credential Caching Config Settings

Personally, I prefer the time limited credential caching. Once this setting is enabled your credentials will be cached for 15 minutes following an authentication. So if you push a repository, change a few things and want to push again, as long as that second push happens withing 15 minutes of the first you won’t need to enter your token for that second push. My workflow is to store the access token in a password manager, when I push first time I copy from there and paste into the command line. And if my next push comes after the 15 minute time I don’t mind copying and pasting again. But if you’re doing a number of pushes for whatever reason in quick succession, you don’t want to be repeating that process so often. I think this gives the best balance of security versus convenience. The setting itself couldn’t be simpler:

git config --global credential.helper cache

This setting is discussed in the comments attached to this gist which also discussed initial Github configuration setings. There are also solutions for more persistent caching of such tokens using the credential helper over on this stack overflow question. Just be careful, one of the solutions using store, stores the credentials unencrypted, which should be avoided. There are encrypted solutions discussed, I just don’t like the idea of any of my authentication credentials being stored in multiple places, I’m aware that leads to a potential single point of failure, but I’ll have to cross that bridge if it ever comes to it.

Leave a Reply

Your email address will not be published.