{"id":19102683,"url":"https://github.com/nuckal777/nicator","last_synced_at":"2026-02-17T13:04:05.526Z","repository":{"id":41878442,"uuid":"363685273","full_name":"Nuckal777/nicator","owner":"Nuckal777","description":"A lightweight encrypting git credential helper (for Linux)","archived":false,"fork":false,"pushed_at":"2024-12-28T11:16:13.000Z","size":76,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-11T14:02:26.572Z","etag":null,"topics":["git","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Nuckal777.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-05-02T15:35:09.000Z","updated_at":"2024-12-28T11:16:17.000Z","dependencies_parsed_at":"2025-07-27T20:39:51.837Z","dependency_job_id":"f164073b-abca-44d0-8abf-7fe2a91d5337","html_url":"https://github.com/Nuckal777/nicator","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/Nuckal777/nicator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nuckal777%2Fnicator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nuckal777%2Fnicator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nuckal777%2Fnicator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nuckal777%2Fnicator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Nuckal777","download_url":"https://codeload.github.com/Nuckal777/nicator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Nuckal777%2Fnicator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29545295,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T13:00:00.370Z","status":"ssl_error","status_checked_at":"2026-02-17T12:57:14.072Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["git","rust"],"created_at":"2024-11-09T03:56:46.900Z","updated_at":"2026-02-17T13:04:05.500Z","avatar_url":"https://github.com/Nuckal777.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nicator\n\n![Build Status](https://img.shields.io/github/actions/workflow/status/Nuckal777/nicator/test.yaml?branch=master)\n[![Coverage Status](https://coveralls.io/repos/github/Nuckal777/nicator/badge.svg?branch=master)](https://coveralls.io/github/Nuckal777/nicator?branch=master)\n\nA lightweight encrypting git credential helper (for Linux)\n\n## Motivation\nGit on linux has basically 3 options to store credentials.\n- [git-credential-cache](https://git-scm.com/docs/gitcredentials): stores credentials in-memory, which means that they are not saved across reboots.\n- [git-credential-store](https://git-scm.com/docs/gitcredentials): stores credentials unencrypted on a filesystem, so anybody with access to the file can read them.\n- libsecret based implementations (like this [one](https://github.com/shugo/git-credential-gnomekeyring)): These store credentials encrypted, but bring a full secret management solution and require workarounds without a graphical session ([see here](https://superuser.com/questions/141036/use-of-gnome-keyring-daemon-without-x)).\n\nWith GitHub's move to personal access tokens, I felt the need for a lightweight encrypting solution.\nNicator works like git-credential-store but it encrypts the saved credentials, so it protects against the credentials file getting stolen.\n__It does not do anything about malicious code being executed or its sockets and process memory getting read, especially after unlocking.__\nMost of nicators dependencies are statically linked, so it does not require any uncommon dependencies.\n\n## Usage\n1. Add `nicator` somewhere on your `$PATH`.\n2. Execute `nicator init` to create the credentials file and set an initial password.\n3. Set `nicator` as your git-credential-helper: `git config --global credential.helper /path/to/nicator`.\n4. Execute `nicator unlock` to enable storing and fetching credentials.\n5. Execute `nicator lock` to disable storing and fetching credentials.\n\n`nicator unlock -t SECONDS` allows specifying a timeout after which the credentials become inaccessible.\nIt defaults to 1 hour. It might be handy to create a shell alias to change it consistently. The `-c` and `-s` flags can be used to change the path used for the credentials file and socket file respectively.\nThese should not leak any data as long these files are only readable and writeable by the the file's owner, which nicator takes care of when creating these.\n\nAn existing `.git-credentials` file can be imported using `nicator import`.\n\n## How nicator works\nUnlocking will automatically launch a nicator server/daemon process listening on a unix socket with appropriate permissions (found in `/tmp`), which keeps the password in-memory.\nWhen queried for data the server will decrypt the credential file (`$HOME/.nicator-credentials`) or encrypt it with appropriate permissions when storing.\n`nicator store/get/erase` will parse git's input, connect to the daemon and output required information to be consumed by git.\nNicator encrypts credentials using 256-bit AES.\nThe passphrase is hashed using Argon2id.\n\n## Security considerations\nTo put it bluntly after unlocking `nicator` is as insecure as `git-credential-store`.\n- You should trust the root user on your system.\n- When hibernating your nicator password may be written to the disk if a nicator server is still running\n- Malicious code may act like a valid the nicator client and read credentials from the unix socket after the credential store is unlocked\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnuckal777%2Fnicator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnuckal777%2Fnicator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnuckal777%2Fnicator/lists"}