plain text git credentials

Hi

While setting up an awx container for our devops department I noticed git credentials are stored in plain text on the filesystem (in /var/lib/awx/_some_project/.git/config e.g.). Not sure if this is a known issue, but in our environment it is a security issue (server admin having access to these credentials). Maybe I’m misconfiguring something?
Any tips/opinions are greatly appreciated.

Ruben de Groot

You should probably use ssh-based credentials instead.

Yes. I got the same suggestion on IRC, and it looks like this works.
However, it is unnecessary to put the plain text credentials for http basic auth in the .git/config file on disk in the form “url = https://<username>:<password>@gitlab.com/path/to/repo.git”.
This could be done with a POST request, hiding the plain text password from the on-disk url.

iirc this comes from what is required by the git module in Ansible directly.
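
For admins who want to find which checkouts are affected, here is an added example (not part of the thread, and not AWX or Ansible code) that walks a projects directory and reports remote URLs of the form described above, with the password redacted. The directory names, host, user name and password in `demo()` are constructed sample values.

```python
import os
import re
import tempfile
from urllib.parse import urlsplit

SECTION = re.compile(r'^\s*\[\s*([^\s\]"]+)(?:\s+"([^"]*)")?\s*\]')
URL_KEY = re.compile(r'^\s*(url|pushurl)\s*=\s*(\S+)', re.IGNORECASE)

def scan_git_config(path):
    """Report http(s) remote URLs in one .git/config that embed a password."""
    findings, section = [], None
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, line in enumerate(fh, 1):
            m = SECTION.match(line)
            if m:  # track which [section "name"] we are in
                section = (m.group(1).lower(), m.group(2))
                continue
            m = URL_KEY.match(line)
            if not m or section is None or section[0] != "remote":
                continue
            parts = urlsplit(m.group(2))
            if parts.scheme in ("http", "https") and parts.password:
                host = parts.netloc.rsplit("@", 1)[1]
                # Never echo the secret itself into the report.
                redacted = f"{parts.scheme}://{parts.username}:***@{host}{parts.path}"
                findings.append({"file": path, "line": lineno,
                                 "remote": section[1], "url": redacted})
    return findings

def scan_tree(root):
    """Scan every <checkout>/.git/config below root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == ".git" and "config" in filenames:
            findings += scan_git_config(os.path.join(dirpath, "config"))
            dirnames[:] = []  # do not descend into .git internals
    return findings

def demo():
    """Build two constructed checkouts (one leaky, one ssh-based) and scan them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"_1__leaky": "https://deploy:s3cr3t@gitlab.example/path/to/repo.git",
                   "_2__clean": "git@gitlab.example:path/to/repo.git"}
        for name, url in samples.items():
            os.makedirs(os.path.join(root, name, ".git"))
            with open(os.path.join(root, name, ".git", "config"), "w") as fh:
                fh.write(f'[core]\n\tbare = false\n[remote "origin"]\n\turl = {url}\n')
        return [(os.path.basename(os.path.dirname(os.path.dirname(f["file"]))),
                 f["line"], f["url"]) for f in scan_tree(root)]
```

On a real host, `scan_tree("/var/lib/awx")` covers the project path mentioned in the first post; the ssh-style remote is not reported because it carries no password.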