We've connected TeamCity to our Git repositories using the "Password" authentication method. Is there a way to retrieve the password from a protected variable where only system administrators / privileged users have access to?
Problem: we cannot create a new TeamCity-reader user per Git repository due to licence restrictions of our Git windows server product. Therefore the single git-teamcity-reader user must have read access to all of our repositories and anybody having the password could clone any repository. Therefore we don't want to give out the password to each project, it should be a protected variable or something alike, so that the password can only be used on the TeamCity server and it is much harder (and easier to log) if somebody uses TeamCity features to clone a different repository.
What's the recommended solution to the problem?