unitedworx's avatar

Is it a bad idea to store passwords in my global git configuration?

This is not Laravel related, but I have created a bash script that will automatically create a git repo in my current folder, create a remote in Bitbucket, push it there and also create the deployment setup in ftploy, using both the Bitbucket and ftploy APIs.

It's neat coz I only need to issue a single command and it does everything. All I need to supply is the ssh user/pass for my specific project.

The Bitbucket and ftploy user/password, though, I store in the git global configuration file so I can easily pull them in my bash script. I am saving them using a command such as git config --global bitbucket.user.pass "mypassword"

Just wondering if it's generally a bad idea to store passwords in my global git configuration file?

0 likes
11 replies
bashy's avatar

Depends where it's stored and who has access to it I guess.

unitedworx's avatar

It's basically a file sitting in ~/.gitconfig

I understand that anyone with physical access to my machine could get that file.

Just want to make sure git itself won't put that info somewhere public in Bitbucket or GitHub

unitedworx's avatar

That's why I was wondering if this data will be pushed anywhere, coz my name and email are in there, which git uses obviously

bashy's avatar

It shouldn't pull in a custom file stored in .gitconfig but looking around there's ways of grabbing it from keychain?

git config --global credential.helper osxkeychain

unitedworx's avatar

I'll probably store them in the bash script itself instead of the git configuration file just to be on the safe side :)

1 like
PhaxeNor's avatar

For Bitbucket you can use SSH keys. Wouldn't that be better than user/pass as you only need to revoke the keys if you suspect anything?

unitedworx's avatar

I am using the Bitbucket API to create a repo via command line. The API requires the username/password; I don't see anywhere in the docs how to authenticate using an SSH key.

Here is the command I am basically executing

curl -X POST -v -u "${BB_USER}:${BB_PASS}" -H "Content-Type: application/json" "https://api.bitbucket.org/2.0/repositories/${BB_USER}/${DIR_SLUG}" -d '{"scm": "git", "language": "php", "is_private": "true", "fork_policy": "no_public_forks" }';

bashy's avatar

I guess in the script is fine for that then... the script is only on your computer right?

unitedworx's avatar

Yep, it's on my Mac and I don't plan to share it or store it anywhere else, so I guess it's safer to keep my credentials in there at the end of the day.

With the git configuration file I am not 100% sure, that's why I thought of asking :)

bashy's avatar

Indeed, no question is a stupid question! So to speak :P
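
Added example, not part of any post in this thread: a small shell audit for the setup discussed above, which lists secret-looking keys stored in plaintext in a git config file (names only, never values) and flags the file when it is accessible beyond its owner. The key name `ftploy.user.pass`, the function names and the sample file contents are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: audit a git config file for
# plaintext secrets. The sample data written by make_sample is constructed.

# Print the names (never the values) of keys whose last component
# looks like a secret, e.g. bitbucket.user.pass.
secret_keys() {
  git config --file "$1" --name-only --list 2>/dev/null |
    grep -Ei '\.[^.]*(pass|secret|token|api-?key)[^.]*$' || true
}

# Succeeds when group or others have any permission bit on the file.
loose_perms() {
  [ "$(ls -ld -- "$1" | cut -c5-10)" != "------" ]
}

# Return 0 if clean, 1 if secret-like keys are present, 2 if unreadable.
audit_gitconfig() {
  cfg=$1
  [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
  found=$(secret_keys "$cfg")
  [ -n "$found" ] || return 0
  echo "secret-like keys stored in plaintext in $cfg:"
  echo "$found" | sed 's/^/  /'
  if loose_perms "$cfg"; then
    echo "  file is accessible beyond its owner; consider chmod 600"
  fi
  return 1
}

# Write a constructed config resembling the one described in the thread.
# ftploy.user.pass is a hypothetical key name; values are placeholders.
make_sample() {
  printf '%s\n' '[user]' '    name = Example User' \
    '    email = user@example.com' \
    '[bitbucket "user"]' '    pass = CONSTRUCTED-PLACEHOLDER' \
    '[ftploy "user"]' '    pass = CONSTRUCTED-PLACEHOLDER' > "$1"
}
```

After sourcing the file, `audit_gitconfig ~/.gitconfig` checks the real global configuration; it requires `git` on the PATH.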
