Skip to content

Add SecureString support for Credentials #1048

Closed
@rubberduck203

Description

@rubberduck203

Credentials currently only support taking in username and password as plain text. Being able to pass a secure string in and have LibGit2Sharp handle the retrieval of the plain text as close as possible to it's use would improve security and centralize the action. Essentially moving the decryption responsibility from the client to the library where it can be handled in a correct way.

I'm thinking a new SecureUsernamePasswordCrentials class could be implemented relatively simply. It would be very similar to the existing class. Instead of a System.String for Username and Password, we would simply use a SecureString instead.

    /// <summary>
    /// Username for username/password authentication (as in HTTP basic auth).
    /// </summary>
    public SecureString Username { get; set; }

    /// <summary>
    /// Password for username/password authentication (as in HTTP basic auth).
    /// </summary>
    public SeucreString Password { get; set; }

The GitCredentialHandler override would be very similar to the existing implementation as well. This is where the SecureString would be converted to an unmanaged string to be passed along to the NativeMethods and immediately freed from memory once a credential is created.

I'm willing to do the work and submit a pull request if there is any interest in this.

Am I missing any caveats?
What kinds of tests would you like to see for this functionality?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions