Permanently authenticating with Git repositories

Redirection notice

This page will redirect to /display/BitbucketServer/Permanently+authenticating+with+Git+repositories .

In addition to SSH, Stash supports HTTP or HTTPS for pushing and pulling from managed Git repositories. However, Git does not cache the user's credentials by default, so you need to re-enter them each time you perform a clone, push or pull.

This page describes two methods for permanently authenticating with Git repositories so that you can avoid typing your username and password each time you are pushing to or pulling from Stash.

On this page:

Using credential caching

You need Git 1.7.9 or above to use the HTTPS Credentials Caching feature.


 On Windows you can use the application git-credential-winstore.

  1. Download the software.
  2. Run it.
  3. You will be prompted for credentials the first time you access a repository, and Windows will store your credentials for use in the future.


On Linux you can use the 'cache' authentication helper that is bundled with Git 1.7.9 and higher. From the Git documentation:

This command caches credentials in memory for use by future git programs. The stored credentials never touch the disk, and are forgotten after a configurable timeout. The cache is accessible over a Unix domain socket,
restricted to the current user by filesystem permissions.

Run the command below to enable credential caching. After enabling credential caching any time you enter your password it will be cached for 1 hour (3600 seconds):

git config --global credential.helper 'cache --timeout 3600'

Run the command below for an overview of all configuration options for the 'cache' authentication helper:

git help credential-cache


Follow these steps to use Git with credential caching on OS X:

  1. Download the binary git-credential-osxkeychain.
  2. Run the command below to ensure the binary is executable:

    chmod a+x git-credential-osxkeychain
  3. Put it in the directory /usr/local/bin.
  4. Run the command below:

    git config --global credential.helper osxkeychain

Using the .netrc file

The .netrc file is a mechanism that allows you to specify which credentials to use for which server. This method allows you to avoid entering a username and password every time you push to or pull from Git, but your Git password is stored in plain text.


  • Git uses a utility called cURL under the covers, which respects the use of the .netrc file. Be aware that other applications that use cURL to make requests to servers defined in your .netrc file will also now be authenticated using these credentials. Also, this method of authentication is potentially unsuitable if you are accessing your Stash server via a proxy, as all cURL requests that target a path on that proxy server will be authenticated using your .netrc credentials.
  • cURL will not match the machine name in your .netrc if it has a username in it, so make sure you edit your .git/config file in the root of your clone of the repository and remove the user and '@' part from any clone URL's (URL fields) that look like to make them look like


  1. Create a text file called _netrc in your home directory (e.g. c:\users\kannonboy\_netrc). cURL has problems resolving your home directory if it contains spaces in its path (e.g. c:\Documents and Settings\kannonboy). However, you can update your %HOME% environment variable to point to any directory, so create your _netrc in a directory with no spaces in it (for example c:\curl-auth\) then set your %HOME% environment variable to point to the newly created directory.
  2. Add credentials to the file for the server or servers you want to store credentials for, using the format described below:

    login myusername 
    password mypassword
    login myotherusername
    password myotherpassword   

Linux or OS X

  1. Create a file called .netrc in your home directory (~/.netrc). Unfortunately, the syntax requires you to store your passwords in plain text - so make sure you modify the file permissions to make it readable only to you.
  2. Add credentials to the file for the server or servers you want to store credentials for, using the format described in the 'Windows' section above. You may use either IP addresses or hostnames, and you do not need to specify a port number, even if you're running Stash on a non-standard port.

  3. And that's it! Subsequent git clone, git pull and git push requests will now be authenticated using the credentials specified in this file.

Was this helpful?

Thanks for your feedback!

Why was this unhelpful?

Have a question about this article?

See questions about this article

Powered by Confluence and Scroll Viewport