Auto Configure Git client proxy authentication

Alex Mags
Page content

This post has some PowerShell to make Git client work on Windows in corporate environment.

Short version

  • Use the Microsoft Credential Manager for Git.
  • Don’t expose passwords in plaintext in Git config or environment variable. The Microsoft Credential Manager will store creds for proxy amd git repo in Windows Credential Manager
  • Git client doesn’t accept domain name in Git config, when you enter creds in Credential Manager change ID to <userID> format

Automatically configurge Git client to authenticate with corporate proxy

Git client doesn’t support Web Proxy Auto Discovery (WPAD). Proxy needs to be hardcoded to use a proxy if thats your route to internet. This PowerShell autoamtion takes a guess at what Git config should be for proxy by looking for connections to common web proxy port 8080. The code figures out value for the following git configuration command:

git config –global http.proxy “http://$($currentUser.SamAccountName)@$($proxyFullyQualifiedDomainName):$($proxyPort)” Note: Git config doesn’t support domain name or UPN in the user ID part of proxy config, at Credenial Manager prompt, add domain name in login ID <userID> if you get authentication problem with proxy.

Automatically configurge Git client user details via AD lookup

Git client needs to be hardcoded with name and email address that will be recorded against your commits to repos. Strangely, the creds you use to authenticate to a repo are not used in the repo commits audit trail. You get to choose who your commits appear be from making it an unreliable audit trail. In security concious corp environments, code repository administrators resolve this using pre-commit hooks that compare the email address entered in git client to the email address recorded against connected user ID. This ensures the name recorded against commits can be reconciled to a real user account. Configuring Git client to match what the repo is expecting is important here. Anyway, here’s a snippet to configure Git client using Active Directory account details.

Set user’s Git config data location as %appdata%\git

By default Git puts user data in %homedrive%%homepath%. This breaks if corp network homedrive is unavailable. In a Windows environment %appdata% works better.

Find more IT Infrastructure tips at blog.alexmags.com