Do Not Store Git Credentials After Commit

So I work for a consultancy and as a result we have alot of shared logins to environments belonging to our clients. It is not feasible for us to have individual logins for each of them because it would be too much for our clients to manage so having a generic windows VM account is a given.

This causes problems with our commits to source control however, UiPath caches the credentials in Windows Credential manager and pulls from them the next time someone commits, this causes the same credentials to be used over and over when different people use the VM.

Is there any way to make sure that the GIT commit signature and credentials aren’t stored after each commit to ensure that each person doing a commit has to enter their own?

Remove Credential from Windows Credential & do not credential for authentication use secure key.

Hello @Jon_Smith ,

please refer below.

Yes, I know I can do that, but I was hoping to find a way so they don’t get stored at all to prevent this hassle every time we commit that we need to remove it.

Thats mostly just how to use GIT, which part do you think addresses my question as I don’t see how it does?

There is a session for changing the signature and credentials. Will it be helpful?

No, sorry thats not helpful.

I’m already aware of how to remove them manually. My question was how to prevent them being stored in the first place to prevent these manual actions which is different to what you are addressing.

@Jon_Smith Did you try this option after you commit Disconnect this project from source control

I don’t want to disconnect the project from source control. That would be worse than it being committed under someone elses credentials, that would stop it being commited altogether.

hi @Jon_Smith

Sorry for a very late response!

As someone already else pointed out, this it’s not related to Studio, but how GIT stores credentials under the Windows profile => “Windows Credential Store”

To remove those entries you need to clear that local store.
We have put a batch file on the common Desktop:

For /F "tokens=1,2 delims= " %G in ('cmdkey /list ^| findstr dev.azure.com') do cmdkey /delete %H

note: In our case we are searching for “dev.azure.com”, i.e Azure DevOps credentials.
Replace that with whatever service you are using.

Two options for how to run the batch file:

  1. manually - this is what we do
    Have everybody click it before they disconnect the RDP session
    (or you risk having someone else commit in your name)

  2. logoff script - in the local GPO (might need attention from local IT)
    https://stackoverflow.com/questions/34017542/how-to-schedule-a-windows-task-to-be-run-at-logoff

This is completely inaccurate. “GIT” is not a program, and various software is out there to use GIT, depending on the software you can control your credential storage in different ways, the windows credential store is absolutely NOT an assumed given, but a choice UiPath have made with their addin, if you use TortoiseGIT for example you can choose entirely different ways to store your credentials.

So its absolutely related to studio.
Its actually kind of crazy because you can actually disable the windows credentials vault, yet somehow the UiPath addin still adds entries to it.

The batch script is indeed what I did in the past, but its a pain to need to do it. I feel there should be a simple checkbox asking if I want the credentials saved.

We are both ”right”

Most git clients, I will assume the Studio GIT, would just be a different UI built built on top of this:
https://git-scm.com/book/en/v2/Appendix-B%3A-Embedding-Git-in-your-Applications-Libgit2

Which I refer to as ”GIT”

e.g
https://git-scm.com/downloads/guis

Now, if the UI provider (UiPath) don’t bother to implement a custom way to store credentials, they will inherit how GIT does this (on Windows):
https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage

…. If UiPath instead would have chosen to have a dependency to git.exe and the command line, Studio should respected what ever credentials configured you configured (outside Studio…)

But given,
it would be way harder to handle git errors that way
And,
most UiPath developers couldn’t care less.

The easiest way out is to implement the library and run with Windows Credential Store.

And the third option,
Fork the GIT code and build your own client from scratch, I wouldn’t.