Using git behind authenticated proxies

So trying to find a better option than having plain text secrets in env vars or .config files.

Best case is the wincred or osxkeychain would work for the proxy authentication in addition to the actual endpoint in GitHub, but not a small amount of work from what I see in the C code.  Running a local proxy to handle the authentication also is not a great option.

Anyone have some alternative that has worked for them at scale and doesn’t feel like duct tape and baling wire?

The best option that I can think of is some sort of command-line secure key store sort of thing that creates the environment variables by pulling the information out of the OS-specific key store on login. This way the creds aren’t stored in an on-disk profile or configuration file and are mostly stored in-memory except for the secure key store.

I can’t say that the above has worked “at scale” though, I’ve never worked at a location that used a system configured like you’re describing.

I hope that helps!