Wednesday, May 6, 2026

Managing Git PAT and Credentials on Ubuntu Laptop

See All Posts on GitHub    <<< Previously 

my git push command always prompts for username and password. 
Can't I put it in environment variables or something to not having to enter it again and again? 
I am using Ubuntu and repo is on GitHub

Yes—you shouldn’t need to type your username/password every time. In fact, GitHub no longer supports password auth for Git pushes, so what you’re seeing is usually because you're using HTTPS without proper credential storage.

Here are the best ways to fix it (ranked) 👇

✅ Option 1 (Recommended): Use SSH (No prompts ever)

This is the cleanest, most developer-friendly setup.

Step 1: Generate SSH key

Bash
ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter through prompts.

Step 2: Add SSH key to ssh-agent

Bash
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519

Step 3: Copy public key

Bash
cat ~/.ssh/id_ed25519.pub

Step 4: Add it to GitHub

Go to:
👉 GitHub → Settings → SSH and GPG Keys → New SSH Key

Paste the key.

Step 5: Switch your repo to SSH

Check current remote:

Bash
git remote -v

Change it:

Bash
git remote set-url origin git@github.com:USERNAME/REPO.git

Done 🎉

Now:

Bash
git push

👉 No username/password ever again.

✅ Option 2: Use Git Credential Helper (HTTPS but cached)

If you want to stay on HTTPS:

Store credentials permanently

Bash
git config --global credential.helper store

Then do one push:

Bash
git push

Enter username + Personal Access Token (NOT password) once.

After that, Git saves it in:

~/.git-credentials

More secure option (recommended over store)

Bash
git config --global credential.helper cache

  • Keeps credentials in memory (default 15 min)

  • You can extend:

Bash
git config --global credential.helper 'cache --timeout=3600'

⚠️ Important (GitHub authentication change)

Since 2021, GitHub requires:

  • ❌ Password → NOT allowed

  • ✅ Personal Access Token (PAT)

Create one here:
👉 GitHub → Settings → Developer Settings → Personal Access Tokens

🚫 About Environment Variables

You can technically do this:

Bash
export GIT_USERNAME=...
export GIT_PASSWORD=...

But:

  • ❌ Git doesn’t use these directly for auth

  • ❌ Not secure (visible in process/env)

  • ❌ Not standard practice

👉 So avoid this approach.

💡 My Recommendation for You

Since you're a developer (and doing frequent pushes):

👉 Switch to SSH — one-time setup, zero friction afterward.

If you want, I can:

  • Check your current repo setup (git remote -v)

  • Or give you a 1-command script to fully switch to SSH 🚀



I prefer this Option 2: Use Git Credential Helper (HTTPS but cached) 
What happens when my PAT changes after 90 days?


Good question—this is exactly where people get tripped up with HTTPS + PAT 👍

🔄 What happens when your PAT expires?

When your Personal Access Token (PAT) expires (e.g., after 90 days on GitHub):

👉 Next git push:

  • Git tries using the old cached token

  • GitHub rejects it ❌

  • You’ll see something like:

    remote: Invalid username or password
    fatal: Authentication failed

🧠 What Git does internally

If you're using:

1. credential.helper store

  • Old PAT is saved in:

    ~/.git-credentials

  • Git keeps using it → keeps failing until you replace it

2. credential.helper cache

  • Stored in memory only

  • Once expired → you’ll be prompted again automatically

👉 This is why cache is smoother for PAT rotation.

🛠️ How to fix when PAT expires

Option A: Just retry push (simplest)

Bash
git push

  • It will prompt again

  • Enter:

    • Username: your GitHub username

    • Password: new PAT

👉 Git updates stored credentials automatically (for both store and cache)

Option B: Manually remove old credentials (if stuck)

If Git keeps failing without prompting:

For store:

Bash
nano ~/.git-credentials

Delete the line with GitHub credentials.

Or:

Bash
rm ~/.git-credentials

Then:

Bash
git push

Option C: Force Git to forget credentials

Bash
git credential reject

Or:

Bash
git config --global --unset credential.helper
git config --global credential.helper store

🔐 Best Practice for You

Since you're on Ubuntu and want low friction:

👉 Recommended setup:

Bash
git config --global credential.helper cache
git config --global credential.helper 'cache --timeout=86400'

  • 24-hour memory cache

  • No file storage

  • Smooth re-auth when PAT changes

⚡ Pro Tip (Optional but powerful)

Instead of expiring tokens every 90 days:

👉 When creating PAT on GitHub:

  • Choose longer expiry (or no expiry if allowed in your org)

  • Scope: repo (usually enough)

🧭 Summary

ScenarioWhat happensWhat you do
PAT expiresPush failsRe-enter new PAT
Using storeKeeps failing silentlyDelete ~/.git-credentials
Using cachePrompts again automaticallyJust re-enter

If you want, I can show you a one-time setup using Git Credential Manager (GCM) which is even cleaner (and handles PAT refresh better).


See All Posts on GitHub    <<< Previously
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)