A git credential helper powered by the 1Password CLI

git-credential-op

git-credential-op is a custom Git credential helper built on top of the 1Password CLI.

You can use it to access remote repositories over HTTPS with credentials, such as GitHub's Personal Access Tokens (PATs), stored in 1Password instead of relying on the built-in credential helpers.

Status

⚠️ WARNING: This project is experimental. Things might break or not work as expected.

Features

  • Read credentials
  • Store credentials
  • Erase credentials

Platforms

Architecture macOS Linux Windows
x86 N/A
amd64
arm64

Installation

I recommend downloading the latest build from the GitHub releases page and putting it somewhere on your $PATH (e.g. /usr/local/bin).

Build from Sources

If you have Go installed on your machine, you can also install the helper from sources with:

go install github.com/gbernady/git-credential-op/cmd/git-credential-op@latest

Usage

Make sure you have the latest version of 1Password CLI installed on your system and you are signed in to your 1Password account. If everything is set up correctly, you should be able to list your vaults by running op vault ls in your terminal:

$ op vault ls
ID                            NAME
ynghx4vcntp3zvhqyehlcp7v7f    Personal

Once you have 1Password CLI up and running, you can enable the credential helper in your git configuration with:

git config --global credential.helper op

Note: The credential helper only looks for credentials saved in the API Credential category in 1Password.

Configuration Flags

The credential helper accepts a few configuration flags that can be used to modify the default behavior like this:

git config --global credential.helper "op [flags]"

Flags

  • --account <name> - the account to use (if more than one is available on the machine)
  • --vault <name> - the vault to use; defaults to the Personal vault

Troubleshooting

Private Homebrew taps

Homebrew filters environment variables, including $PATH, so it won't be able to find the git-credential-op helper. This can be worked around by using an absolute path to the binary.

On top of that, the user environment set up by Homebrew for installing formulae does not contain any local machine configs like the $HOME/.gitconfig.

Disabling System Helper

On some machines (e.g., running macOS), a credential helper may already be configured in the system-wide $(prefix)/etc/gitconfig file. Since the system-wide configuration is read first by Git, that helper will be consulted before this one to store the credential and return it on subsequent use.

If that's not what you want, you can either modify the system-wide config file or disable reading it altogether with the GIT_CONFIG_NOSYSTEM environment variable:

export GIT_CONFIG_NOSYSTEM=1
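
To check which helpers Git consults before this one, the following added example (not part of the project) parses the output of git config --show-scope --show-origin --get-all credential.helper, which needs Git 2.26 or later for --show-scope. The function names, sample paths and vault name are constructed for illustration; the function also applies Git's rule that an empty credential.helper value resets the helper list.

```shell
#!/bin/sh
# Added example: list the credential helpers Git consults before `op`.
# Input (stdin): lines of "scope<TAB>origin<TAB>value" in the order Git
# reads them, as printed by:
#   git config --show-scope --show-origin --get-all credential.helper
# Exit status: 0 = op is consulted first, 1 = other helpers come first,
#              2 = no op helper is configured.
helpers_before_op() {
  awk -F '\t' '
    # An empty value resets the helper list accumulated so far.
    $3 == "" { n = 0; next }
    { n++; scope[n] = $1; value[n] = $3 }
    END {
      for (i = 1; i <= n; i++) {
        split(value[i], word, " ")
        # Match "op", "op --vault X", or an absolute path to the binary.
        if (word[1] == "op" || word[1] ~ /(^|\/)git-credential-op$/)
          exit (i == 1 ? 0 : 1)
        # Every helper printed here sees the credential before op does.
        print scope[i] ": " value[i]
      }
      exit 2
    }'
}

# Constructed sample: a system-wide helper followed by the global op helper.
sample_config() {
  printf 'system\tfile:/usr/local/etc/gitconfig\tosxkeychain\n'
  printf 'global\tfile:/home/alice/.gitconfig\top --vault Work\n'
}

# Demo on the constructed sample; pipe the real git config output in instead.
sample_config | helpers_before_op ||
  echo "exit status $? (1 = another helper is consulted before op)"
```

Any helper the function prints will be offered the credential for storage as well, so a token meant to live only in 1Password may also end up in that helper's store.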

License

The code is licensed under the MIT License.