On Thu, 23 Nov 2023 at 11:10, Simon Ser <contact@emersion.fr> wrote:
> git-send-email can use gitcredentials though.
Right, but I'm trying to retrieve those credentials from a
password-store file where my encryption key is on a removeable device.
The below based on suggestions earlier in this thread is not working for
me. I think it is not working for me because my encryption key is on a
removeable device. If I use the commented out helper instead it does
work and I've see posts [1] where the bare pass command works but not
for me.
[credential]
protocol = smtp
#helper = "!f() { test \"$1\" = get && echo password=$(cat
$HOME/.secret); }; f"
helper = "!f() { test \"$1\" = get && echo password=$(pass
dev/send-email); }; f"
[sendemail]
annotate = yes
smtpEncryption = tls
smtpServer = smtp.gmail.com
smtpServerPort = 587
smtpUser = <gmail email address>
[1] https://www.ryanlue.com/posts/2019-04-19-git-credential-with-pass
25 Nov 2023 18:47:49 Niall Dooley <dooleyn@gmail.com>:
> On Thu, 23 Nov 2023 at 11:10, Simon Ser <contact@emersion.fr> wrote:>> git-send-email can use gitcredentials though.>> Right, but I'm trying to retrieve those credentials from a> password-store file where my encryption key is on a removeable device.> The below based on suggestions earlier in this thread is not working > for> me. I think it is not working for me because my encryption key is on a> removeable device. If I use the commented out helper instead it does> work and I've see posts [1] where the bare pass command works but not> for me.>> [credential]> protocol = smtp> #helper = "!f() { test \"$1\" = get && echo password=$(cat> $HOME/.secret); }; f"> helper = "!f() { test \"$1\" = get && echo password=$(pass> dev/send-email); }; f"> [sendemail]> annotate = yes> smtpEncryption = tls> smtpServer = smtp.gmail.com> smtpServerPort = 587> smtpUser = <gmail email address>>> [1] https://www.ryanlue.com/posts/2019-04-19-git-credential-with-pass
May I suggest using the libsecret API? I am sure there's a compatibility
layer if not native support.
[credential]
helper = store
credentialStore = secretservice
--
Moritz Poldrack
https://moritz.sh
On Sat, 25 Nov 2023 at 19:10, Moritz Poldrack <moritz@poldrack.dev> wrote:
> May I suggest using the libsecret API? I am sure there's a compatibility> layer if not native support.>> [credential]> helper = store> credentialStore = secretservice
Thanks, but isn't libsecret for working with gnome-keyring?
Also, doesn't the store helper save your credentials in plaintext to
~/.git-credentials by default.
On 23/11/25 11:27PM, Niall Dooley wrote:
> Thanks, but isn't libsecret for working with gnome-keyring?> > Also, doesn't the store helper save your credentials in plaintext to> ~/.git-credentials by default.
I have no idea why you Cc'd me, but since you did, I don't use GNOME and
similar bloated software. I use dwm started from ~/.xinitrc by startx on login
through getty, and isync+msmtp managed by Luke Smith's mutt-wizard. I have
this in my .gitconfig:
[sendemail]
from = contact@strahinja.org
sendmailCmd = msmtp -a contact@strahinja.org
This automatically calls gpg-agent and the appropriate pinentry program (I use
pinentry-dmenu) as necessary to enter the password to decrypt my secret key.
Most importantly, this setup Just Works™ for git send-email.
On Sat, 25 Nov 2023 at 18:46, Niall Dooley <dooleyn@gmail.com> wrote:
> I've see posts [1] where the bare pass command works but not> for me.
OK, reviewing [1] again the following is working for me now.
[credential "smtp://smtp.gmail.com:587"]
helper = !pass dev/send-email
[sendemail]
annotate = yes
smtpEncryption = tls
smtpServer = smtp.gmail.com
smtpServerPort = 587
smtpUser = <gmail email address>
The key is that the password-store file (dev/send-email) which stores
the app specific password must have a "password=" prefix before the
password per [2]. Not sure if it is necessary but I also removed the
spaces from the app specific password.
As [1] states the credential username attribute just uses the value of
smtpUser though I store it as username=<username> in the same
password-store file in any case.
Also, despite what [1] states I did not have to HTML-escape
the special characters in the address of the server I was authenticating
against nor include the username here either.
Hope this helps someone else in the future.
[1] https://www.ryanlue.com/posts/2019-04-19-git-credential-with-pass
[2] https://git-scm.com/docs/git-credential#IOFMT