A git credential helper for a shared user that needs to authenticate to distinct Azure Devops users with their distinct tokens, depending on which user is using the shared user. Don't use this, find a better job instead, where people pay some basic respect to you and your work.

git-credential-azdo-token

#!/bin/bash

# Process only the get requests to this credential helper.
# https://git-scm.com/book/en/v2/Git-Tools-Credential-Storage
# git config credential.helper 'azdo-token'
[[ "${1}" == "store" ]] && exit 0
[[ "${1}" == "erase" ]] && exit 0

want_username="${SUDO_USER}"
printf -v want_aes_file "%s/.azdo-token-for-%s.aes" "${HOME}" "${want_username}"

if [[ ! -s "${want_aes_file}" ]]
then
        printf "[err] %s not found.\n" "${want_aes_file}" >&2
        printf "[err] Use save-azdo-token first?\n" >&2
        exit 1
fi

printf "[info] Will now decrypt the token from:\n[info]   %s\n" "${want_aes_file}" >&2

if token_out=$(openssl enc -aes-256-cbc -pbkdf2 -d -in "${want_aes_file}")
then
        echo "[info] decryption succeeded." >&2
else
        echo "[error] decryption failed." >&2
        exit 1
fi

cat <<Here
protocol=https
host=dev.azure.com
username=${want_username}
password=${token_out}
Here

save-azdo-token

#!/bin/bash

# Encrypt and store the azdo token.
umask 0077
want_username="${SUDO_USER}"
printf -v want_aes_file "%s/.azdo-token-for-%s.aes" "${HOME}" "${want_username}"

read -r -p "Azdo token for ${want_username}: "

echo "${REPLY}" | openssl enc -aes-256-cbc -pbkdf2 -out "${want_aes_file}"
if [[ $? -eq 0 ]]
then
        echo "[info] token successfully encrypted."
else
        echo "[err] failed to encrypt token. Try again."
        exit 1
fi