Keyring supports for Git to avoid repeating passwords

This article guides you how to set up keychain/keyring to avoid typing your password repeatedly, when using git.

Connection via HTTP/HTTPS

Use KDE wallet

To store passwords in the KDE wallet, you need to install ksshaskpass package:

1
sudo pacman -S ksshaskpass

Then configure git to use it:

1
git config --global core.askpass /usr/bin/ksshaskpass

Alternatively you can use GIT_ASKPASS environmental variable (in .xinitrc for i3):

1
export GIT_ASKPASS='/usr/bin/ksshaskpass'

If you use KDE, you may set the environmental variable by making a script ~/.config/plasma-workspace/env/askpass.sh, as suggested by Arch Wiki.

Temporarily store passwords in memory

You can temporarily store passwords in memory by using credential helper:

1
$ git config credential.helper 'cache'

By default credentials are stored for 15 minutes, to change number of seconds to cache credentials use timeout parameter (30 minutes in this example):

1
$ git config credential.helper 'cache --timeout=1800'

To clear credentials cache before time out execute command:

1
$ git credential-cache exit

You may check manual pages for more information:

1
2
$ man git-credential-cache
$ man gitcredentials

Connection via SSH

The methods aforementioned, configuring .gitconfig, does not work for ssh connections (to github/gitlab). To avoid repeating passphrase, we have to set up ssh-agent correctly.

i3

Since i3 is not like desktop environments, like KDE/Gnome, which provide a complete set of tools. Thus, we have first install a keyring/keychain tool to store passwords. Here we use kwallet from KDE as an example.

Firstly, install kwallet and ksshaskpass packages: (you may also install kwalletmanager as a GUI manager for passwords)

1
sudo pacman -S kwallet ksshaskpass

Then, we need to configure ssh-agent to connect to kwallet to retrieve passphrases:

  • To run ssh-agent when X starts, add it in .xinitrc:

    1
    eval $(ssh-agent -s)
  • We then need to add the RSA keys to ssh-agent and ask ssh-agent to contact kwallet for passphrases. Create a script called ssh-add.sh, for example, containing the following:

    1
    2
    3
    4
    #!/bin/sh

    export SSH_ASKPASS=/usr/bin/ksshaskpass
    ssh-add < /dev/null
  • Run ssh-add.sh whenever i3 starts by configuring ~/.config/i3/config (you may have to change the path of the script):

    1
    exec --no-startup-id $HOME/bin/i3cmds/ssh-add.sh

KDE

In KDE, the configuration will be way easier, since the packages have been installed and almost configured correctly.

Add the script ~/.config/autostart-scripts/ssh-add.sh:

1
2
3
#! /bin/bash
export SSH_ASKPASS=/usr/bin/ksshaskpass
/usr/bin/ssh-add </dev/null

Remember to make it executable by chmod +x ssh-add.sh.

As suggested by Arch Wiki, you may set the environmental variable SSH_ASKPASS separately via a script ~/.config/plasma-workspace/env/askpass.sh:

1
2
#!/bin/sh
export SSH_ASKPASS='/usr/bin/ksshaskpass'

This should be enough. However, some distributions, like Kubuntu, do not start ssh-agent automatically. You may have to start it by adding eval $(ssh-agent -s).