Make GPG Pass store path configurable by git config (#1698)

Matthew John Cheetham · web-flow · commit 4e8e5931d782 · 2024-09-30T09:44:16.000+01:00
I found this change beneficial when using conditional git configuration
includes for multiple git identities and `pass` password stores. It lets
me transparently select appropriate password store without need to set
its path explicitly by environment variable.
For example:

&gt; ~/.config/git/config:
```
[user]
	name = John Doe
	email = jdoe@gmail.com

[credential]
	credentialStore = gpg
	helper = /usr/local/bin/git-credential-manager
	gpgPassStorePath = /home/jdoe/.password-store

[includeIf "gitdir:~/Work/"]
	path = config.work
```

&gt; ~/.config/git/config.work:
```
[user]
	name = John Doe (Umbrella Corp.)
	email = jdoe@umbrella.com

[credential]
	gpgPassStorePath = /home/jdoe/.password-store.umbrella
```
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -633,6 +633,24 @@ git config --global credential.dpapiStorePath D:\credentials
 
 ---
 
+### credential.gpgPassStorePath
+
+Specify a custom directory to store GPG-encrypted [pass][pass]-compatible credential files
+in when [`credential.credentialStore`][credential-credentialstore] is set to `gpg`.
+
+Defaults to the value `~/.password-store` or `%USERPROFILE%\.password-store`.
+
+#### Example
+
+```shell
+git config --global credential.gpgPassStorePath /mnt/external-drive/.password-store
+```
+
+**Note:** Location of the password store used by [pass][pass] can be overridden by the
+`PASSWORD_STORE_DIR` environment variable, see the [man page][pass-man] for details.
+
+---
+
 ### credential.msauthFlow
 
 Specify which authentication flow should be used when performing Microsoft
@@ -1042,6 +1060,7 @@ Defaults to disabled.
 [provider-migrate]: migration.md#gcm_authority
 [cache-options]: https://git-scm.com/docs/git-credential-cache#_options
 [pass]: https://www.passwordstore.org/
+[pass-man]: https://git.zx2c4.com/password-store/about/
 [trace2-normal-docs]: https://git-scm.com/docs/api-trace2#_the_normal_format_target
 [trace2-normal-env]: environment.md#GIT_TRACE2
 [trace2-event-docs]: https://git-scm.com/docs/api-trace2#_the_event_format_target
diff --git a/src/shared/Core/Constants.cs b/src/shared/Core/Constants.cs
@@ -162,6 +162,7 @@ public static class Credential
                 public const string DevUseLegacyUiHelpers = "devUseLegacyUiHelpers";
                 public const string MsAuthUseDefaultAccount = "msauthUseDefaultAccount";
                 public const string GuiSoftwareRendering = "guiSoftwareRendering";
+                public const string GpgPassStorePath = "gpgPassStorePath";
 
                 public const string OAuthAuthenticationModes = "oauthAuthModes";
                 public const string OAuthClientId            = "oauthClientId";
diff --git a/src/shared/Core/CredentialStore.cs b/src/shared/Core/CredentialStore.cs
@@ -276,7 +276,8 @@ private void ValidateGpgPass(out string storeRoot, out string execPath)
             // Check for a redirected pass store location
             if (!_context.Settings.TryGetSetting(
                 GpgPassCredentialStore.PasswordStoreDirEnvar,
-                null, null,
+                Constants.GitConfiguration.Credential.SectionName,
+                Constants.GitConfiguration.Credential.GpgPassStorePath,
                 out storeRoot))
             {
                 // Use default store root at ~/.password-store
