Secure Source Manager is generally available (GA) by invitation only. To use Secure Source Manager, contact your Google Account team.

Use Git source code management

Secure Source Manager supports all Git SCM client commands and has built in pull requests and issue tracking. Both HTTPS and SSH authentication are supported.

Required roles

To get the permissions that you need to use Git to interact with a Secure Source Manager repository, ask your administrator to grant you the following IAM roles:

Secure Source Manager Instance Accessor (roles/securesourcemanager.instanceAccessor) on the Secure Source Manager instance
To clone a repository: Secure Source Manager Repo Reader (roles/securesourcemanager.repoReader) on the repository
To push to a repository: Secure Source Manager Repo Writer (roles/securesourcemanager.repoWriter) on the repository

For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

For information on granting Secure Source Manager roles, see Access control with IAM and Grant users instance access.

Install Git and Google Cloud CLI

Install Git.
Install the gcloud CLI.
The gcloud CLI version 395.0.0 or later is required to use Git with HTTPS. To check your gcloud CLI version run the following command:
```
gcloud --version
```
To update the gcloud CLI run the following command.
```
gcloud components update
```
After updating, run gcloud init to initialize the gcloud CLI.

See the gcloud CLI documentation on updating components for more information.

Set up your credentials

If you authenticate to Secure Source Manager using a third-party identity provider and Workforce Identity Federation, you don't need to complete this section—instead, you must create a workforce identity pool login configuration.

Add the Secure Source Manager authentication helper to your global Git config by running the following command:

Linux

git config --global credential.'https://*.*.sourcemanager.dev'.helper gcloud.sh

Earlier versions of Git might not support wildcards. To add the authentication helper without wildcards, run the following command:

git config --global credential.'https://INSTANCE_ID-PROJECT_NUMBER-git.LOCATION.sourcemanager.dev'.helper gcloud.sh

Replace the following:

INSTANCE_ID with the name of your Secure Source Manager instance.
PROJECT_NUMBER with your project number. For help finding your project number, see Identifying projects.
LOCATION with the instance's region. For more information on regions, see Locations.

Windows

git config --global credential.https://*.*.sourcemanager.dev.helper gcloud.cmd

Earlier versions of Git might not support wildcards. To add the authentication helper without wildcards, run the following command:

git config --global credential.https://INSTANCE_ID-PROJECT_NUMBER-git.LOCATION.sourcemanager.dev.helper gcloud.cmd

Replace the following:

INSTANCE_ID with the name of your Secure Source Manager instance.
PROJECT_NUMBER with your project number. For help finding your project number, see Identifying projects.
LOCATION with the instance's region. For more information on regions, see Locations.

The authentication helper uses the gcloud CLI to fetch your Google Cloud credentials when using Git commands with Secure Source Manager.

To re-authenticate after the initial credential setup, run the following gcloud CLI command:

gcloud auth login

You don't need to complete this section unless you're using Workforce Identity Federation to authenticate to Secure Source Manager with a third-party identity provider.

To authenticate with your workforce identity pool credentials to your Secure Source Manager instance using gcloud CLI commands or Git commands, you must create a login configuration with your workforce identity pool.

To create a workforce identity pool login configuration, follow the instructions in Obtain short-lived tokens for Workforce Identity Federation to create a browser-based sign-in with the gcloud CLI.

After you have authenticated, you can use Git commands to interact with your Secure Source Manager instance. You must re-authenticate when the session duration for your workforce identity pool expires.

Clone a repository

Clone a repository by running the following command:

git clone REPOSITORY_URL

Where REPOSITORY_URL is the HTTPS or SSH URL displayed at the top of the repository page you want to clone.

Push an existing repository to Secure Source Manager

You must create a Secure Source Manager repository to act as a remote before you can push to it.

To push your existing Git repository to an empty Secure Source Manager repository you need to add the Secure Source Manager repository as a remote and push to it.

To set the Secure Source Manager repository as a remote run the following command:
```
git remote add origin REPOSITORY_URL
```
Where REPOSITORY_URL is the HTTPS or SSH URL displayed at the top of the repository page.
To push to the repository run the following command:
```
git push -u origin main
```

For more information on Git source code management, read the Git documentation.

What's next

Learn more about Git source code management
List and view repositories.