github.com/x-oss-byte/git-lfs@v2.5.2+incompatible/docs/api/authentication.md

github.com/x-oss-byte/git-lfs@v2.5.2+incompatible/docs/api/authentication.md (about)

     1  # Authentication
     2  
     3  The Git LFS API uses HTTP Basic Authentication to authorize requests. Therefore,
     4  HTTPS is strongly encouraged for all production Git LFS servers. The credentials
     5  can come from the following places:
     6  
     7  ## SSH
     8  
     9  Git LFS will add any HTTP headers returned from the `git-lfs-authenticate`
    10  command to any Batch API requests. If servers are returning expiring tokens,
    11  they can add an `expires_in` (or `expires_at`) property to hint when the token
    12  will expire.
    13  
    14  ```bash
    15  # Called for remotes like:
    16  #   * git@git-server.com:foo/bar.git
    17  #   * ssh://git@git-server.com/foo/bar.git
    18  $ ssh git@git-server.com git-lfs-authenticate foo/bar.git download
    19  {
    20    "header": {
    21      "Authorization": "RemoteAuth some-token"
    22    },
    23  
    24    # optional, for expiring tokens, preferred over expires_at
    25    "expires_in": 86400
    26  
    27    # optional, for expiring tokens
    28    "expires_at": "2016-11-10T15:29:07Z"
    29  }
    30  ```
    31  
    32  See the SSH section in the [Server Discovery doc](./server-discovery.md) for
    33  more info about `git-lfs-authenticate`.
    34  
    35  ## Git Credentials
    36  
    37  Git provides a [`credentials` command](https://git-scm.com/docs/gitcredentials)
    38  for storing and retrieving credentials through a customizable credential helper.
    39  By default, it associates the credentials with a domain. You can enable
    40  `credential.useHttpPath` so different repository paths have different
    41  credentials.
    42  
    43  Git ships with a really basic credential cacher that stores passwords in memory,
    44  so you don't have to enter your password frequently. However, you are encouraged
    45  to setup a [custom git credential cacher](https://help.github.com/articles/caching-your-github-password-in-git/),
    46  if a better one exists for your platform.
    47  
    48  If your Git LFS server authenticates with NTLM then you must provide your credentials to `git-credential`
    49  in the form `username:DOMAIN\user password:password`.
    50  
    51  ## Specified in URL
    52  
    53  You can hardcode credentials into your Git remote or LFS url properties in your
    54  git config. This is not recommended for security reasons because it relies on
    55  the credentials living in your local git config.
    56  
    57  ```bash
    58  $ git remote add origin https://user:password@git-server.com/foo/bar.git
    59  ```