pub fn git_credential_helper(cred: &Credential) -> GitCredentialHelperExpand description
Build a git credential.helper invocation that supplies cred over HTTPS
while keeping the secret out of argv (which is broadly observable). The
returned config_args install an inline
helper that prints the credential read from two environment variables; the
secret value appears only in env, i.e. the child
process environment. A leading empty credential.helper= first clears any
inherited helper so only ours runs.
The helper is a tiny POSIX-shell snippet: git runs credential.helper values
that begin with ! via the shell it ships with (so this works on Windows too,
where Git for Windows bundles its own sh — it never goes through cmd.exe).
It applies to HTTPS remotes only: git invokes a credential helper just for
HTTP(S) user/password auth, so an SSH remote ignores it and falls through to
the SSH agent. It is opt-in — built only when a CredentialProvider yields a
credential — so the default path is unchanged. The helper answers only git’s
get action (never store/erase), so the secret is never written to a
credential cache or config; it lives only in the child’s environment.
The username/secret must not contain a newline: git’s credential protocol is
line-based, so an embedded \n is read as the end of the value (git truncates
there). Real tokens and usernames never contain one.