Is Git Credential Manager better than SSH keys?

Neither is objectively better - they serve different needs. GCM excels when you prefer HTTPS URLs, work with 2FA-protected accounts, or want browser-based authentication. SSH keys are better for headless servers, automation, and users who prefer explicit key management. Many developers use both depending on the context.

Does Git Credential Manager work with GitHub 2FA?

Yes, this is one of GCM's primary strengths. When you push to a 2FA-protected GitHub account, GCM opens your browser for OAuth authentication where you complete the 2FA challenge. The resulting token is stored securely, and you won't need to re-authenticate until it expires or you revoke it.

How do I remove credentials stored by Git Credential Manager?

Open Keychain Access on your Mac and search for entries starting with 'git:' followed by your repository host (e.g., 'git:https://github.com'). Select the entry and delete it. Alternatively, run `git credential-manager erase` and provide the protocol and host when prompted.

Can I use Git Credential Manager with multiple GitHub accounts?

Yes. Configure GCM to use HTTP path matching by running `git config --global credential.github.com.useHttpPath true`. This makes GCM treat each repository path uniquely, allowing you to authenticate with different accounts for different repositories based on their full URL.

Does Git Credential Manager support GitLab and Bitbucket?

Yes, GCM supports GitLab, Bitbucket, and Bitbucket Server out of the box alongside GitHub and Azure DevOps. When you clone or push to a GitLab or Bitbucket repository over HTTPS, GCM automatically detects the provider from the remote URL and initiates the correct OAuth authentication flow. Credentials are stored in the macOS Keychain just like with GitHub, and token refresh works transparently across all supported providers.

How do I uninstall Git Credential Manager on macOS?

To uninstall GCM, first remove the Git configuration by running `git config --global --unset credential.helper`. Then uninstall the application via Homebrew with `brew uninstall --cask git-credential-manager`. Finally, open Keychain Access and search for entries starting with 'git:' to remove any stored credentials. After uninstalling, Git will revert to its default credential behavior, which typically means prompting for username and password on every operation.

Can Git Credential Manager work alongside GitHub CLI (gh)?

Yes, GCM and GitHub CLI complement each other well. GitHub CLI handles GitHub-specific operations like creating pull requests and managing issues, while GCM manages the underlying credential storage for all Git HTTPS operations across multiple providers. When both are installed, they can share credentials through the macOS Keychain, so authenticating with one tool benefits the other automatically.

BUNDL

AI Builder

JavaScript is disabled. Some interactive features require JavaScript. Core content is still available below.

Loading…

Git Credential Manager

Name: Git Credential Manager
Availability: InStock

Cross-platform Git credential storage for multiple hosting providers

Developer ToolsFree

v2.7.0

Quick Take: Git Credential Manager

4.5

Git Credential Manager is the definitive solution for macOS developers who use HTTPS for Git operations and have 2FA enabled on their accounts. It transforms the authentication experience from a constant friction point into a set-and-forget background process. The seamless OAuth flow, automatic token refresh, and native Keychain integration make it far superior to managing PATs manually. While SSH keys remain a valid alternative for those who prefer explicit key management, GCM is the right choice for most developers working with modern Git hosting providers that enforce multi-factor authentication.

Best For

•Developers with 2FA-enabled Git accounts
•Teams standardizing on HTTPS workflows
•Enterprise environments with SSO requirements

Install with Homebrew

brew install --cask git-credential-manager

What is Git Credential Manager?

Git Credential Manager (GCM) is a cross-platform credential helper maintained by GitHub (Microsoft) that provides secure authentication for Git repositories over HTTPS. Unlike the basic credential helpers that ship with Git, GCM offers sophisticated multi-factor authentication support, OAuth integration, and native keychain storage that makes working with modern Git hosting providers seamless and secure. For Mac developers who prefer HTTPS over SSH for their Git operations, GCM eliminates the friction of manually managing Personal Access Tokens (PATs) by handling the entire authentication flow through a browser-based OAuth handshake. Once authenticated, your credentials are securely stored in the macOS Keychain, encrypted at rest, and automatically refreshed when tokens expire. GCM supports all major Git hosting platforms including GitHub (and GitHub Enterprise), GitLab, Bitbucket, and Azure DevOps, detecting the provider automatically based on the remote URL. This intelligent provider detection means you can work with multiple Git services simultaneously without configuration conflicts. The tool has evolved from separate platform-specific implementations into a unified .NET-based codebase that ensures consistent behavior whether you are on macOS, Windows, or Linux. For teams that enforce two-factor authentication or Single Sign-On (SSO) policies, GCM is essentially mandatory for HTTPS workflows because it handles the complex OAuth device flow that traditional credential storage cannot. It integrates natively with your terminal, typically redirecting to your default browser for the initial authentication handshake, then operating silently in the background for subsequent operations. The project is open-source, hosted at github.com/git-ecosystem/git-credential-manager, and receives regular updates to support new authentication methods and provider features.

Deep Dive: Secure Git Authentication for the Modern Developer

Understanding how Git Credential Manager solves the authentication challenges of modern Git workflows.

History & Background

Git Credential Manager evolved from multiple platform-specific tools: Git Credential Manager for Windows, and Git Credential Manager for Mac and Linux. In 2020, these were unified into a single cross-platform tool built on .NET Core, now simply called Git Credential Manager. This consolidation brought consistent behavior and features across all operating systems, simplifying maintenance and ensuring feature parity. The project moved to the git-ecosystem organization on GitHub, signaling its role as essential Git infrastructure rather than a platform-specific add-on.

How It Works

GCM operates as a Git credential helper, meaning Git invokes it automatically when credentials are needed. When you perform a Git operation requiring authentication, Git calls GCM with the protocol and host information. GCM checks its credential store (macOS Keychain) for existing valid credentials. If none exist or they've expired, GCM initiates an OAuth flow by opening your browser. After successful authentication, GCM receives an OAuth token, stores it securely, and returns it to Git. The .NET runtime bundled with GCM handles the OAuth protocol complexities, including PKCE for security.

Ecosystem & Integrations

GCM integrates with the broader Git authentication ecosystem. It works alongside tools like GitHub CLI (gh), which can share credentials through GCM. For VS Code users, GCM provides the authentication that powers built-in Git operations. CI/CD systems typically use different authentication methods (deploy keys, PATs in environment variables), but GCM remains the standard for interactive developer workstations. The tool also supports credential namespaces, allowing different credential stores for different Git hosts or even different accounts on the same host.

Future Development

Recent updates have focused on improving the authentication experience for GitHub Enterprise and Azure DevOps users with complex SSO configurations. The team continues to add support for new authentication methods as Git hosting providers evolve their security requirements. Windows Hello and biometric authentication integration has been enhanced, and similar macOS Touch ID integration is being explored. The project maintains backward compatibility while adding new features, ensuring existing workflows aren't disrupted by updates.

Key Features

Native macOS Keychain Integration

GCM stores your Git credentials directly in the macOS Keychain, leveraging Apple's secure credential storage infrastructure. Your tokens are encrypted at rest using your system's security mechanisms, and you can inspect or remove them using Keychain Access if needed. This integration means credentials persist across terminal sessions and system reboots without requiring re-authentication.

Multi-Factor Authentication Support

Unlike basic credential helpers that choke on 2FA-protected accounts, GCM handles MFA natively through OAuth device flow. When you push to a 2FA-enabled repository, GCM opens your browser for authentication, where you complete any required MFA challenges. The resulting OAuth token is stored securely, eliminating the need to manually generate and paste Personal Access Tokens.

Automatic Token Refresh

OAuth tokens have expiration dates, and manually refreshing them is tedious. GCM monitors token expiry and automatically refreshes credentials before they expire, ensuring your Git operations never fail due to stale authentication. This happens transparently in the background without interrupting your workflow.

Multi-Provider Detection

GCM intelligently detects which Git hosting service you are connecting to based on the remote URL. Whether you are pushing to GitHub, pulling from GitLab, or cloning from Azure DevOps, GCM serves the correct authentication flow automatically. This means you can work with multiple providers in the same terminal session without configuration changes.

Cross-Platform Consistency

Built on .NET, GCM provides identical behavior across macOS, Windows, and Linux. Teams sharing dotfiles, scripts, or CI/CD configurations benefit from this consistency since the same credential helper configuration works everywhere. Developers who switch between operating systems experience no authentication friction.

Enterprise SSO Support

For organizations using SAML or OIDC-based Single Sign-On with GitHub Enterprise or Azure DevOps, GCM integrates with these enterprise identity providers. It can handle SSO challenges during the browser authentication flow, making it suitable for corporate environments with strict identity governance requirements.

Who Should Use Git Credential Manager?

1The Security-Conscious Developer

A developer working at a company that mandates 2FA on all GitHub accounts needs to push code multiple times daily. Without GCM, they would need to generate a Personal Access Token, store it somewhere (risking exposure), and paste it every time Git prompts for credentials. With GCM, they authenticate once via browser, complete the 2FA challenge, and never think about authentication again. Their OAuth token is securely stored in the Keychain and refreshed automatically.

2The Multi-Platform Contractor

A freelance developer works with multiple clients, each using different Git hosting services: one on GitHub, another on GitLab, and a third on Azure DevOps. Rather than juggling different SSH keys or remembering which PAT goes where, they install GCM once. When they clone or push to any repository, GCM detects the provider and handles authentication appropriately, streamlining context-switching between projects.

3The Enterprise Team Lead

An engineering manager is onboarding new developers to a company that uses GitHub Enterprise with SAML SSO. New hires struggle with the authentication setup, causing delays. By standardizing on GCM across all developer machines, the manager simplifies onboarding: new developers run the Homebrew install command, and their first Git operation triggers the SSO browser flow. No manual token generation, no documentation confusion, just seamless access control.

Install Git Credential Manager on Mac

Installing Git Credential Manager on macOS is straightforward using Homebrew. The tool integrates with your existing Git installation and requires minimal configuration to start working.

Install Homebrew (if not present)

Open Terminal and run: `/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"` to install the Homebrew package manager.

Install Git Credential Manager

Run the Homebrew Cask command to install GCM: `brew install --cask git-credential-manager`. This downloads the latest stable release and places it in your system.

Configure Git to Use GCM

Tell Git to use GCM as your credential helper: `git config --global credential.helper manager`. This sets GCM as the default for all repositories.

Verify Installation

Run `git credential-manager --version` to confirm the installation succeeded. You should see the version number printed to your terminal.

Pro Tips

• Your first git push or pull to a remote will trigger the browser authentication flow - this is expected behavior.
• Check Keychain Access after authenticating to see your stored credentials under 'git:https://github.com' or similar entries.

Configuration Tips

Set Default Browser for Auth

If GCM opens the wrong browser for authentication, you can specify your preferred browser. Run `git config --global credential.browser /Applications/Firefox.app/Contents/MacOS/firefox` (adjusting the path for your browser of choice) to ensure the OAuth flow opens where you want it.

Enable Credential Caching

For temporary credentials (like in CI environments), configure GCM's cache timeout: `git config --global credential.cacheOptions "--timeout 7200"` caches credentials for two hours. This reduces authentication prompts during intensive development sessions.

Configure for Multiple GitHub Accounts

If you use separate GitHub accounts for work and personal projects, configure GCM to prompt for account selection: `git config --global credential.github.com.useHttpPath true`. This treats each repository path uniquely, allowing different credentials per repository.

Alternatives to Git Credential Manager

While Git Credential Manager excels at HTTPS authentication with MFA support, several alternatives exist depending on your security preferences and workflow requirements.

git-credential-osxkeychain

SSH Keys

GitHub CLI (gh)

Pricing

Free & Open Source

Git Credential Manager is completely free and open-source, licensed under the MIT License. There are no paid tiers, subscriptions, or enterprise versions. The project is maintained by GitHub (Microsoft) and the open-source community. All features, including enterprise SSO support and multi-provider authentication, are available to everyone at no cost. The source code is publicly available at github.com/git-ecosystem/git-credential-manager.

Pros

✓Seamlessly handles 2FA and OAuth authentication flows that break basic credential helpers.
✓Stores credentials securely in the native macOS Keychain with encryption at rest.
✓Supports all major Git providers (GitHub, GitLab, Bitbucket, Azure DevOps) out of the box.
✓Automatically refreshes expired tokens without user intervention.
✓Cross-platform consistency makes team standardization straightforward.

Cons

✗Requires .NET runtime bundled with the app, adding installation size compared to native helpers.
✗Browser-based authentication flow may be inconvenient in headless or SSH-only environments.
✗Some users prefer SSH keys for their explicit key management and audit trail capabilities.

Community & Support

Git Credential Manager is maintained as part of the git-ecosystem organization on GitHub, with active involvement from GitHub/Microsoft employees and community contributors. The project's GitHub repository serves as the primary hub for bug reports, feature requests, and discussions. Documentation is comprehensive and includes troubleshooting guides for common issues. Because GCM is the recommended credential helper for GitHub and Azure DevOps, it receives regular updates and security patches. Stack Overflow has an active tag for GCM-related questions, and most Git-focused communities are familiar with the tool. The project averages over 500 GitHub stars and sees consistent contribution activity, with releases shipping roughly every 4-6 weeks to address compatibility issues and add support for new authentication scenarios across evolving provider platforms.

Frequently Asked Questions about Git Credential Manager

Git Credential Manager securely stores and manages your Git credentials for HTTPS-based repository access. It handles OAuth authentication flows, supports multi-factor authentication, and stores credentials in your operating system's secure credential store (macOS Keychain on Mac). This means you authenticate once via browser and GCM handles subsequent Git operations automatically.

Our Verdict

4.5/5

Best for:Developers with 2FA-enabled Git accountsTeams standardizing on HTTPS workflowsEnterprise environments with SSO requirements

About the Author

Alex Chen

Senior Developer Tools Specialist

Code Editors & IDEsTerminal EmulatorsVersion Control Tools

12+ years in software development · Former senior engineer at tech startups

Expert Tips for Git Credential Manager

For corporate environments with SAML SSO, test GCM with your identity provider during onboarding setup rather than waiting for developers to encounter auth failures.

Hands-on TestingHigh Confidence

If you use GitHub Actions or other CI systems, GCM's interactive browser flow won't work - use PATs or GITHUB_TOKEN environment variables instead for automation contexts.

Official DocsHigh Confidence

When switching between multiple Git hosting providers throughout the day, GCM's automatic provider detection eliminates the mental overhead of remembering which authentication method each service requires. This is especially valuable for consultants and contractors who routinely work across GitHub, GitLab, and Azure DevOps repositories within the same session.

CommunityHigh Confidence

Related Technologies & Concepts

macOS KeychainOAuth 2.0GitHubPersonal Access TokenHomebrew

Sources & References

Fact-Checked

Last verified: Jan 24, 2026

Key Verified Facts

GCM stores credentials in the native macOS Keychain for secure, encrypted storage.[gcm-docs]
GCM supports GitHub, GitLab, Bitbucket, and Azure DevOps out of the box.[gcm-repo]

1
Git Credential Manager GitHub Repository
Accessed Jan 24, 2026
2
Git Credential Manager Documentation
Accessed Jan 24, 2026
3
GitHub Authentication Documentation
Accessed Jan 24, 2026

Research queries: Git Credential Manager Mac 2026 installation OAuth 2FA Keychain

More Developer Tools

Zed

Explore More on Bundl

All Apps Comparisons Free Alternatives Collections

Similar Apps