git-credential-keepassxc

git-credential-keepassxc is a Git credential helper that allows Git to get/store logins from/to KeePassXC.

It communicates with KeePassXC using keepassxc-protocol which is originally designed for browser extensions.

How to install

1. Install Rust compiler via rustup or your favourite package manager
2. Run cargo install git-credential-keepassxc (or cargo install --git https://github.com/Frederick888/git-credential-keepassxc.git for the latest development version)

Note: Make sure $CARGO_INSTALL_ROOT is in your search path.

Configuration

Similar as the browser extensions, git-credential-keepassxc needs to be associated with KeePassXC first.

Run:

$ git-credential-keepassxc configure
$ git config --global credential.helper keepassxc 

A group (by default Git) will be created to store new logins.

Limit callers

git-credential-keepassxc allows you to limit callers (though you should probably have a look at some MAC systems to properly achieve this), for instance:

# don't forget to add yourself first
$ git-credential-keepassxc callers add --uid "$(id -u)" --gid "$(id -g)" "$(readlink -f "$0")"
# then allow Git
$ git-credential-keepassxc callers add --uid "$(id -u)" --gid "$(id -g)" "$(command -v git)"

$ sh -c 'printf "url=https://example.com\nusername=foo\n" | git-credential-keepassxc get'
May 10 12:51:56.108 ERRO You are not allowed to use this program, Caused by: N/A, Message: You are not allowed to use this program
$ printf 'url=https://example.com\nusername=foo\n' | git credential fill
May 10 12:52:53.995 WARN Request get-logins failed. Error: No logins found, Error Code: 15
May 10 12:52:53.995 ERRO Request get-logins failed, Caused by: N/A, Message: Request get-logins failed

# disable this function
$ git-credential-keepassxc callers clear