4

After doing the following to set up my CodeCommit repo on AWS with git:

    $ git config --global credential.helper '!aws codecommit credential-helper $@'
    $ git config --global credential.UseHttpPath true

I can only make one commit before I have to go and delete it from Keychain Access like so:

which is super annoying. Anyone know how to prevent Mac OS X from adding this to keychain on each `git push`?

lollercoaster

2 Answers

4

Here are some options to avoid this disturbance with keychain:

  • Disable osxkeychain for git:

    $ nano /usr/local/git/etc/gitconfig
    # helper = osxkeychain <======== Comment out using #
    
  • Connect to CodeCommit using SSH instead of HTTPS. For more information, see For SSH Connections on Linux, macOS, or Unix [1].

  • Install a version of Git that does not use the keychain by default.

  • Consider a scripting solution for deleting the keychain item. To view a community-generated sample of a scripted solution, see Mac OS X Script to Periodically Delete Cached Credentials in the OS X Certificate Store in Product and Service Integrations [2].

  • In the Keychain Access utility, on the Access Control tab for git-codecommit.us-east-2.amazonaws.com, choose the Allow all applications to access this item (access to this item is not restricted) option. This prevents the pop-ups, but the credentials eventually expire (on average, this takes about 15 minutes) and you then see a 403 error message. When this happens, you must delete the keychain item to restore functionality.

Much more information on the above options in AWS Docs: [3]

[1] https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-ssh-unixes.html

[2] https://github.com/nicc777/macaws-codecommit-pwdel

[3] Troubleshooting the Credential Helper and HTTPS Connections to AWS CodeCommit - Git for macOS: I configured the credential helper successfully, but now I am denied access to my repository (403) - https://docs.aws.amazon.com/codecommit/latest/userguide/troubleshooting-ch.html#troubleshooting-macoshttps

shariqmaws
  • For your first option, that file doesn't exist for me? `stat: /usr/local/git/etc/gitconfig: stat: No such file or directory`. But these are good links, thanks! I'll have to investigate SSH one, that's probably the only palatable one (installing some random code that can touch my keychain is a no-go for me...). – lollercoaster Oct 20 '19 at 07:13
  • @lollercoaster you will probably find that file under `$HOME/.gitconfig` – ChumiestBucket Jul 29 '20 at 20:39
  • @lollercoaster use `git config -l --show-origin` to see all config items and the files they are coming from, so you know which file to modify – user2987504 Apr 27 '23 at 09:51
2

For me this issue is occurring more because AWS SSO has short-lived access keys, and also when you need GitHub for some projects and CodeCommit for others.

For me the solution was to configure git to use osxkeychain for GitHub, and not use it for CodeCommit.

    # identify location of git config file with credential.helper
    git config -l --show-origin
    #   > file:/<path>/git-core/gitconfig    credential.helper=osxkeychain

    # edit the file as root
    sudo vi <path-from-above>

    # add github in the credential line so osxkeychain is not used for other sites
    [credential "https://github.com"]
        helper = osxkeychain
dancl
  • Nice, this worked perfectly for me. I used `git config --get-all --show-origin credential.helper` to locate the file, and then followed your answer, thanks! – Saurabh Shrivastava Jul 22 '21 at 08:53
  • If you have installed git via homebrew, you need to update the gitconfig in /opt/homebrew/etc/gitconfig. The script mentioned by @SaurabhShrivastava will show the file path. – Mike Rayco Feb 03 '22 at 08:10
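
A check for the conflict both answers work around, as an added example that is not part of either post: it reads `git config -l --show-origin` output and flags an unscoped `osxkeychain` helper that coexists with the CodeCommit helper. The sample lines and the `/Users/me` path are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Reads `git config -l --show-origin` output on stdin and prints
# SCOPE<TAB>HELPER<TAB>ORIGIN per credential helper, then a verdict line.
# Returns 1 when an unscoped osxkeychain helper coexists with the CodeCommit
# helper. Empty `helper =` reset entries are skipped, not modelled.
audit_credential_helpers() {
    awk -F '\t' '
    {
        eq = index($2, "=")
        if (eq == 0) next
        key = substr($2, 1, eq - 1)
        val = substr($2, eq + 1)
        if (key !~ /^credential\./ || key !~ /\.helper$/ || val == "") next
        # The URL scope, if any, sits between "credential." and ".helper".
        scope = "all-urls"
        if (key != "credential.helper") scope = substr(key, 12, length(key) - 18)
        printf "%s\t%s\t%s\n", scope, val, $1
        if (scope == "all-urls" && val ~ /osxkeychain/) keychain = $1
        if (val ~ /codecommit credential-helper/) codecommit = 1
    }
    END {
        if (keychain != "" && codecommit) {
            print "CONFLICT: unscoped osxkeychain in " keychain
            exit 1
        }
        print "OK: no unscoped osxkeychain alongside the CodeCommit helper"
    }'
}

# Constructed sample: system-wide osxkeychain plus the question's two settings.
sample_before() {
    printf 'file:/opt/homebrew/etc/gitconfig\tcredential.helper=osxkeychain\n'
    printf 'file:/Users/me/.gitconfig\tcredential.helper=!aws codecommit credential-helper $@\n'
    printf 'file:/Users/me/.gitconfig\tcredential.usehttppath=true\n'
}

# Constructed sample: the same machine after scoping osxkeychain to GitHub.
sample_after() {
    printf 'file:/opt/homebrew/etc/gitconfig\tcredential.https://github.com.helper=osxkeychain\n'
    printf 'file:/Users/me/.gitconfig\tcredential.helper=!aws codecommit credential-helper $@\n'
    printf 'file:/Users/me/.gitconfig\tcredential.usehttppath=true\n'
}

# Demo on both constructed samples; the first reports the conflict.
sample_before | audit_credential_helpers || true
sample_after | audit_credential_helpers || true
```

On a real machine, pipe the live configuration in with `git config -l --show-origin | audit_credential_helpers`.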