godot-git-plugin icon indicating copy to clipboard operation
godot-git-plugin copied to clipboard
verified publisher icon godotengine

How to store the password persistently?

Open h0lley opened this issue 2 years ago • 10 comments

every time the editor is restarted, I need to navigate over Project > Version Control > Version Control Settings and retype the password. as for me the point in using this plugin is to make my life easier I don't want to have to that. other git clients also do not require this. I don't want to / am able to use SSH keys with the remote repository in question.

at the very least, instead of error when attempting to push after a restart, the user should be prompted with a password input form.

h0lley avatar Mar 28 '23 21:03 h0lley

I have only been using the plugin with SSH public key path, and that configuration is retained from invocation to invocation.

I did see the following in the FAQ at https://github.com/godotengine/godot-git-plugin/wiki/Git-plugin-v3

Why isn't my remote HTTPS password/SSH passphrase getting saved in the editor?

Currently, the Godot Editor will not save your passwords locally on disk to avoid exposing your passwords to malicious parties. All other remote login settings will be retained.

So it looks like a known issue, but it certainly seems like an unreasonable limitation.

markeel avatar Mar 29 '23 05:03 markeel

We should probably add a GODOT_GIT_PASSWORD environment variable you can specify before Godot starts, so that you don't have to store the password in editor settings.

Calinou avatar Mar 29 '23 17:03 Calinou

does the plugin interact with the native terminal/commandline git? if we save credentials in the terminal can the plugin use it? maybe that way it's more "secure" if you do it from the terminal.

leleleSDX avatar Apr 11 '23 02:04 leleleSDX

Please find a way to fix this behavior or a workaround because it's really making our team loses time to each time re-open and re-set the password every time they restart the editor. We are even discussing moving onto Rider or CLion and only code from there instead of the Godot Editor because there is a better Git support overhaul (the only thing making us hesitating is the Godot 4.0 plugin which does not gives support for GDShaders & all the GDScript features).

Ayfri avatar Apr 21 '23 08:04 Ayfri

I would highly recommend using SSH credentials instead of a password. This eliminates the need to use a password on both the GIT command line, and if configured within the Godot Editor. There was a bug in the Godot GIT Plugin that I have a solution for in issue #172. I've been using it successfully and never have to deal with passwords. Feel free to send me a direct message and I can try to help with the solution I came up with.

So to add a credential on Linux you simply use the ssh-copy-id command. I'm sure there is an equivalent mechanism on Windows or Mac.

markeel avatar Apr 21 '23 19:04 markeel

absolutely, generally speaking using SSH keys should be advised, but it should also be up to the user to gauge the level of security they need and make the appropriate choice for their specific case and project.

typically git clients check ~/.git-credentials where the user may have opted to have the git credentials manger store their logins. afaik windows has its own credentials manager solution.

h0lley avatar Apr 22 '23 20:04 h0lley

Interesting comment about git-credentials. I actually tried to do an experiment yesterday, but had no success in using that feature from the git command line. The "git pull" command would always prompt for the password even though it was in the store. If you have successfully used credentials, please point me to the correct setup commands and I'll test the patch I made using that technique and not just SSH credentials.

markeel avatar Apr 23 '23 00:04 markeel

to use this feature, when you do git config credential.helper in the repository you are testing with it should return store. otherwise, it can be set via git config --global credential.helper store (with or without --global flag depending if it should be system wide or only for this repository). more info here: https://git-scm.com/docs/gitcredentials

perhaps the section about custom helpers is relevant, too?

You can write your own custom helpers to interface with any system in which you keep credentials.

h0lley avatar Apr 23 '23 11:04 h0lley

I did some more investigation and the git credential helper is only for the HTTP protocol. If you want password-less for SSH protocol you should use the SSH credentials using ssh-copy-id or equivalent.

See Stack Overflow response: https://stackoverflow.com/questions/76086068/why-is-git-pull-not-using-git-credentials-when-credential-helper-set-to-store-f

So the bottom line is, you can set up SSH credentials on your client and then use the SSH Public/Private Key Path in the Godot Git plugin IF you use the fix provided in the pull request: https://github.com/godotengine/godot-git-plugin/pull/173.

This should address your original workflow issue and stop you from having to reenter your password all the time.

On another note, I don't know how to stimulate the review to let this pull request be merged, maybe @Calinou can shed some light on the process.

markeel avatar Apr 23 '23 19:04 markeel