Most Git operations like push, pull, or clone are executed as long as SSH keys or access tokens are available in your environment. That’s convenient — but it can also become a security risk.
Imagine working on a shared machine, or having your token silently stolen. A background process could push malicious code to your repositories — undetected.
Introducing git-secure
git-secure is a lightweight Bash wrapper that prompts for authentication before executing sensitive Git commands. It aims to act as a security checkpoint.
Features
- Prompts for GitHub token or password before executing:
-
push,push --force,pull,fetch,clone,rebase
-
- Verifies credentials with the GitHub API
- Automatically deletes token after use
- Detects token misuse or invalid repos
- CLI in English and French
Try it
GitHub: https://github.com/VictorNafs/git-secure-hub
$ ./git-secure.sh
Enter your GitHub token:
GitHub username:
Git operation (push/pull/clone...):
Use Cases
- Shared developer environments
- Teams with high compliance requirements
- Securing CI/CD pipelines
- Preventing silent credential abuse
The Proposal
I submitted this as an RFC to the Git community.
Feedback welcome — feel free to comment, fork, or submit ideas!
This is an open-source initiative to explore stronger Git workflows and improve credential handling.
Thanks for reading!
— Victor Duprez
Top comments (0)