Error "No credential store has been selected" when using multiple credential helpers #1283

Closed
hickford opened this issue Jun 7, 2023 · 3 comments · Fixed by #1740
Labels
enhancement New feature or request help-wanted The core maintainers aren't planning to build this, but we would welcome a community contribution!

Comments


hickford commented Jun 7, 2023

Git supports multiple credential helpers configured in sequence. I tried the following Git config to use a custom storage helper followed by GCM:

```ini
[credential]
	helper = storage
	helper = manager
```

But GCM gave me an error:

```
fatal: No credential store has been selected.
```

This refers to the choice of GCM's internal credential store. This error makes sense when GCM is the only Git credential helper, but is superfluous when multiple credential helpers are configured.

Workaround: effectively disable GCM's internal credential store by telling it to cache with timeout zero.

```ini
[credential]
	helper = storage
	helper = manager
	credentialStore = cache
	cacheoptions = --timeout 0
```

hickford commented Jun 7, 2023

It would be interesting to understand any differences in behaviour between typical GCM configuration with internal credential store:

```ini
[credential]
	helper = manager
	credentialStore = keychain
```

and using GCM as one of multiple Git credential helpers

```ini
[credential]
	helper = osxkeychain
	helper = manager
	credentialStore = cache
	cacheoptions = --timeout 0
```

@mjcheetham
Collaborator

> It would be interesting to understand any differences in behaviour between typical GCM configuration with internal credential store:
> and using GCM as one of multiple Git credential helpers

At least for the macOS Keychain, there are some differences in the actual keychain entry that is used. GCM uses the kSecClassGenericPassword class for items, whereas git-credential-osxkeychain uses kSecClassInternetPassword (by virtue of using the *InternetPassword Keychain APIs).

The other is that the identity of the application that is actually reading/writing to the keychain is different. macOS Keychain's ACLs record the specific executable identity that can access those entries.


Finally, we preface our credentials with an optional namespace that is user configurable, defaulting to git. So our credentials are stored as git:<service> on all platforms by default, whereas osxkeychain doesn't prefix (cannot, due to being an internet password class).

@mjcheetham
Collaborator

> This error makes sense when GCM is the only Git credential helper, but is superfluous when multiple credential helpers are configured.

One thing we could consider is adding a passthrough option to credentialStore that effectively does the same as the cache workaround and just acts as a no-op.

@ldennington ldennington added enhancement New feature or request help-wanted The core maintainers aren't planning to build this, but we would welcome a community contribution! labels Aug 28, 2023
@mjcheetham mjcheetham self-assigned this Oct 15, 2024
mjcheetham pushed a commit that referenced this issue Oct 15, 2024
Add a null/no-op credential store option that, as the name suggests,
does nothing. This can be useful if the user wants to use another
credential helper, configured in front of GCM via Git, to store
credentials.

Example config:

```ini
[credential]
	credentialStore = none
	helper = /bin/my-awesome-helper
	helper = /usr/local/bin/git-credential-manager
```

In this example, the `my-awesome-helper` will be consulted first to
retrieve existing credentials before GCM, and will be asked to store any
credentials generated by GCM.

Fixes #1283
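
The helper ordering described in the commit message above, as an added Python example (not code from Git, GCM or this thread): it models Git asking each configured helper in turn on `get` and offering the result to every helper on `store`, so a storage helper placed first answers the next lookup itself. `MemoryHelper`, `GeneratingHelper`, `fill` and `approve` are hypothetical names, the credential is constructed, and the key=value request text is passed as a string instead of over stdin/stdout.

```python
def parse_request(text):
    """Parse git-credential wire text: key=value lines, ended by a blank line."""
    attrs = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            break  # a blank (or malformed) line ends the request
        attrs[key] = value
    return attrs

def serialize(cred):
    return "".join(f"{k}={v}\n" for k, v in cred.items()) + "\n"

class MemoryHelper:
    """Hypothetical storage helper placed first; memory-only, for the demo."""
    def __init__(self):
        self.store = {}
    def run(self, operation, text):
        req = parse_request(text)
        key = (req.get("protocol"), req.get("host"))
        if operation == "get":
            saved = self.store.get(key)
            if saved and req.get("username") in (None, saved[0]):
                return f"username={saved[0]}\npassword={saved[1]}\n"
        elif operation == "store" and "username" in req and "password" in req:
            self.store[key] = (req["username"], req["password"])
        return ""  # a miss, or an operation this helper ignores, prints nothing

class GeneratingHelper:
    """Stand-in for a helper with no store of its own (constructed secret)."""
    calls = 0
    def run(self, operation, text):
        if operation == "get":
            self.calls += 1
            return "username=alice\npassword=constructed-token\n"
        return ""  # store and erase are no-ops

def fill(helpers, request):
    """Ask helpers in order; stop once username and password are both known."""
    cred = dict(request)
    for helper in helpers:
        cred.update(parse_request(helper.run("get", serialize(cred))))
        if "username" in cred and "password" in cred:
            break
    return cred

def approve(helpers, cred):
    for helper in helpers:  # every helper is offered the credential
        helper.run("store", serialize(cred))
```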