By default git stores credentials globally but it can be configured to cache credentials on a per-repo basis.
On OS X a tool called
osxkeychain is used to store your GitHub credentials. This tool stores your credentials in the OS X Keychain which you can see by running the
Keychain Access app in your OS X Applications. To ensure this helper is working, run:
git config --global credential.helper osxkeychain
To authenticate myself with GitHub I prefer to use Personal Access Tokens as they’re a more granular and easily-repudiated credential, so you can visit github.com/settings/tokens and generate a token. Usually I have
repo scope only as I just need to manage repos.
Keep a note of this token now as you won’t be able to see it again once you leave the GitHub page. It should be kept somewhere safe, such as a password manager like gopass. I have a little script that gets my access token and copies it into the clipboard buffer (although that might not be the most secure approach) ready for me to paste when my credentials are requested.
At this stage you can use your username and this access token when git asks for your credentials, however these credentials will be stored for all repos from GitHub. To use these credentials on a per-repo basis, run:
git config --global credential.usehttppath true
This will mean that git can cache different credentials for github.com/person/example and github.com/person/another rather than just one set of credentials for github.com. Note that you should use Clone with HTTPS, such as
git clone https://github.com/person/example.git not Clone with SSH such as
git clone firstname.lastname@example.org:person/example.git because using SSH just use an SSH key (if you have one set up) rather than the access token.
When git needs credentials, it will prompt you as:
Cloning into 'example'... Username for 'https://github.com/person/example.git': YOUR_USERNAME Password for 'https://email@example.com/person/example.git': YOUR_ACCESS_TOKEN
At this stage you can create another access token in a different GitHub account and then use this different when working with another repo on the same system.
You will be able to see these different credentials in your OS X Keychain by running Keychain Access and searching for github. You should see a list of credentials for GitHub which, when clicked on, look like:
These credentials can then be deleted from your Keychain if you no longer require them.