Make GPG Pass store path configurable by git config (#1698)

I found this change beneficial when using conditional git configuration includes for multiple git identities and `pass` password stores. It lets me transparently select appropriate password store without need to set its path explicitly by environment variable. For example: > ~/.config/git/config: ``` [user] name = John Doe email = [email protected] [credential] credentialStore = gpg helper = /usr/local/bin/git-credential-manager gpgPassStorePath = /home/jdoe/.password-store [includeIf "gitdir:~/Work/"] path = config.work ``` > ~/.config/git/config.work: ``` [user] name = John Doe (Umbrella Corp.) email = [email protected] [credential] gpgPassStorePath = /home/jdoe/.password-store.umbrella ```
git-ecosystem · Sep 30, 2024 · 4e8e593 · 4e8e593
2 parents 415adfe + 0b3d846
commit 4e8e593
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 1 deletion.
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -633,6 +633,24 @@ git config --global credential.dpapiStorePath D:\credentials
 
 ---
 
+### credential.gpgPassStorePath
+
+Specify a custom directory to store GPG-encrypted [pass][pass]-compatible credential files
+in when [`credential.credentialStore`][credential-credentialstore] is set to `gpg`.
+
+Defaults to the value `~/.password-store` or `%USERPROFILE%\.password-store`.
+
+#### Example
+
+```shell
+git config --global credential.gpgPassStorePath /mnt/external-drive/.password-store
+```
+
+**Note:** Location of the password store used by [pass][pass] can be overridden by the
+`PASSWORD_STORE_DIR` environment variable, see the [man page][pass-man] for details.
+
+---
+
 ### credential.msauthFlow
 
 Specify which authentication flow should be used when performing Microsoft
@@ -1042,6 +1060,7 @@ Defaults to disabled.
 [provider-migrate]: migration.md#gcm_authority
 [cache-options]: https://git-scm.com/docs/git-credential-cache#_options
 [pass]: https://www.passwordstore.org/
+[pass-man]: https://git.zx2c4.com/password-store/about/
 [trace2-normal-docs]: https://git-scm.com/docs/api-trace2#_the_normal_format_target
 [trace2-normal-env]: environment.md#GIT_TRACE2
 [trace2-event-docs]: https://git-scm.com/docs/api-trace2#_the_event_format_target

diff --git a/src/shared/Core/Constants.cs b/src/shared/Core/Constants.cs
@@ -162,6 +162,7 @@ public static class Credential
                 public const string DevUseLegacyUiHelpers = "devUseLegacyUiHelpers";
                 public const string MsAuthUseDefaultAccount = "msauthUseDefaultAccount";
                 public const string GuiSoftwareRendering = "guiSoftwareRendering";
+                public const string GpgPassStorePath = "gpgPassStorePath";
 
                 public const string OAuthAuthenticationModes = "oauthAuthModes";
                 public const string OAuthClientId            = "oauthClientId";

diff --git a/src/shared/Core/CredentialStore.cs b/src/shared/Core/CredentialStore.cs
@@ -276,7 +276,8 @@ private void ValidateGpgPass(out string storeRoot, out string execPath)
             // Check for a redirected pass store location
             if (!_context.Settings.TryGetSetting(
                 GpgPassCredentialStore.PasswordStoreDirEnvar,
-                null, null,
+                Constants.GitConfiguration.Credential.SectionName,
+                Constants.GitConfiguration.Credential.GpgPassStorePath,
                 out storeRoot))
             {
                 // Use default store root at ~/.password-store