thodg/libgit2

diff --git a/examples/common.c b/examples/common.c
index 30f6cdc..b068b84 100644
--- a/examples/common.c
+++ b/examples/common.c
@@ -176,7 +176,7 @@ static int ask(char **out, const char *prompt, char optional)
 	return 0;
 }
 
-int cred_acquire_cb(git_cred **out,
+int cred_acquire_cb(git_credential **out,
 		const char *url,
 		const char *username_from_url,
 		unsigned int allowed_types,
@@ -195,7 +195,7 @@ int cred_acquire_cb(git_cred **out,
 		goto out;
 	}
 
-	if (allowed_types & GIT_CREDTYPE_SSH_KEY) {
+	if (allowed_types & GIT_CREDENTIAL_SSH_KEY) {
 		int n;
 
 		if ((error = ask(&privkey, "SSH Key:", 0)) < 0 ||
@@ -207,14 +207,14 @@ int cred_acquire_cb(git_cred **out,
 		    (n = snprintf(pubkey, n + 1, "%s.pub", privkey)) < 0)
 			goto out;
 
-		error = git_cred_ssh_key_new(out, username, pubkey, privkey, password);
-	} else if (allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT) {
+		error = git_credential_ssh_key_new(out, username, pubkey, privkey, password);
+	} else if (allowed_types & GIT_CREDENTIAL_USERPASS_PLAINTEXT) {
 		if ((error = ask(&password, "Password:", 1)) < 0)
 			goto out;
 
-		error = git_cred_userpass_plaintext_new(out, username, password);
-	} else if (allowed_types & GIT_CREDTYPE_USERNAME) {
-		error = git_cred_username_new(out, username);
+		error = git_credential_userpass_plaintext_new(out, username, password);
+	} else if (allowed_types & GIT_CREDENTIAL_USERNAME) {
+		error = git_credential_username_new(out, username);
 	}
 
 out:
diff --git a/examples/common.h b/examples/common.h
index 5a029b4..c01561b 100644
--- a/examples/common.h
+++ b/examples/common.h
@@ -125,7 +125,7 @@ extern int resolve_refish(git_annotated_commit **commit, git_repository *repo, c
 /**
  * Acquire credentials via command line
  */
-extern int cred_acquire_cb(git_cred **out,
+extern int cred_acquire_cb(git_credential **out,
 		const char *url,
 		const char *username_from_url,
 		unsigned int allowed_types,
diff --git a/include/git2.h b/include/git2.h
index 7f49f8f..f39d7fb 100644
--- a/include/git2.h
+++ b/include/git2.h
@@ -22,7 +22,7 @@
 #include "git2/commit.h"
 #include "git2/common.h"
 #include "git2/config.h"
-#include "git2/cred.h"
+#include "git2/credential.h"
 #include "git2/deprecated.h"
 #include "git2/describe.h"
 #include "git2/diff.h"
diff --git a/include/git2/cred.h b/include/git2/cred.h
deleted file mode 100644
index e89ab23..0000000
--- a/include/git2/cred.h
+++ /dev/null
@@ -1,308 +0,0 @@
-/*
- * Copyright (C) the libgit2 contributors. All rights reserved.
- *
- * This file is part of libgit2, distributed under the GNU GPL v2 with
- * a Linking Exception. For full terms see the included COPYING file.
- */
-#ifndef INCLUDE_git_cred_h__
-#define INCLUDE_git_cred_h__
-
-#include "common.h"
-
-/**
- * @file git2/cred.h
- * @brief Git authentication & credential management
- * @defgroup git_cred Authentication & credential management
- * @ingroup Git
- * @{
- */
-GIT_BEGIN_DECL
-
-/**
- * Supported credential types
- *
- * This represents the various types of authentication methods supported by
- * the library.
- */
-typedef enum {
-	/**
-	 * A vanilla user/password request
-	 * @see git_cred_userpass_plaintext_new
-	 */
-	GIT_CREDTYPE_USERPASS_PLAINTEXT = (1u << 0),
-
-	/**
-	 * An SSH key-based authentication request
-	 * @see git_cred_ssh_key_new
-	 */
-	GIT_CREDTYPE_SSH_KEY = (1u << 1),
-
-	/**
-	 * An SSH key-based authentication request, with a custom signature
-	 * @see git_cred_ssh_custom_new
-	 */
-	GIT_CREDTYPE_SSH_CUSTOM = (1u << 2),
-
-	/**
-	 * An NTLM/Negotiate-based authentication request.
-	 * @see git_cred_default
-	 */
-	GIT_CREDTYPE_DEFAULT = (1u << 3),
-
-	/**
-	 * An SSH interactive authentication request
-	 * @see git_cred_ssh_interactive_new
-	 */
-	GIT_CREDTYPE_SSH_INTERACTIVE = (1u << 4),
-
-	/**
-	 * Username-only authentication request
-	 *
-	 * Used as a pre-authentication step if the underlying transport
-	 * (eg. SSH, with no username in its URL) does not know which username
-	 * to use.
-	 *
-	 * @see git_cred_username_new
-	 */
-	GIT_CREDTYPE_USERNAME = (1u << 5),
-
-	/**
-	 * An SSH key-based authentication request
-	 *
-	 * Allows credentials to be read from memory instead of files.
-	 * Note that because of differences in crypto backend support, it might
-	 * not be functional.
-	 *
-	 * @see git_cred_ssh_key_memory_new
-	 */
-	GIT_CREDTYPE_SSH_MEMORY = (1u << 6),
-} git_credtype_t;
-
-/**
- * The base structure for all credential types
- */
-typedef struct git_cred git_cred;
-
-typedef struct git_cred_userpass_plaintext git_cred_userpass_plaintext;
-
-/** Username-only credential information */
-typedef struct git_cred_username git_cred_username;
-
-/** A key for NTLM/Kerberos "default" credentials */
-typedef struct git_cred git_cred_default;
-
-/**
- * A ssh key from disk
- */
-typedef struct git_cred_ssh_key git_cred_ssh_key;
-
-/**
- * Keyboard-interactive based ssh authentication
- */
-typedef struct git_cred_ssh_interactive git_cred_ssh_interactive;
-
-/**
- * A key with a custom signature function
- */
-typedef struct git_cred_ssh_custom git_cred_ssh_custom;
-
-/**
- * Credential acquisition callback.
- *
- * This callback is usually involved any time another system might need
- * authentication. As such, you are expected to provide a valid git_cred
- * object back, depending on allowed_types (a git_credtype_t bitmask).
- *
- * Note that most authentication details are your responsibility - this
- * callback will be called until the authentication succeeds, or you report
- * an error. As such, it's easy to get in a loop if you fail to stop providing
- * the same incorrect credentials.
- *
- * @param cred The newly created credential object.
- * @param url The resource for which we are demanding a credential.
- * @param username_from_url The username that was embedded in a "user\@host"
- *                          remote url, or NULL if not included.
- * @param allowed_types A bitmask stating which cred types are OK to return.
- * @param payload The payload provided when specifying this callback.
- * @return 0 for success, < 0 to indicate an error, > 0 to indicate
- *       no credential was acquired
- */
-typedef int GIT_CALLBACK(git_cred_acquire_cb)(
-	git_cred **cred,
-	const char *url,
-	const char *username_from_url,
-	unsigned int allowed_types,
-	void *payload);
-
-/**
- * Free a credential.
- *
- * This is only necessary if you own the object; that is, if you are a
- * transport.
- *
- * @param cred the object to free
- */
-GIT_EXTERN(void) git_cred_free(git_cred *cred);
-
-/**
- * Check whether a credential object contains username information.
- *
- * @param cred object to check
- * @return 1 if the credential object has non-NULL username, 0 otherwise
- */
-GIT_EXTERN(int) git_cred_has_username(git_cred *cred);
-
-/**
- * Return the username associated with a credential object.
- *
- * @param cred object to check
- * @return the credential username, or NULL if not applicable
- */
-GIT_EXTERN(const char *) git_cred_get_username(git_cred *cred);
-
-/**
- * Create a new plain-text username and password credential object.
- * The supplied credential parameter will be internally duplicated.
- *
- * @param out The newly created credential object.
- * @param username The username of the credential.
- * @param password The password of the credential.
- * @return 0 for success or an error code for failure
- */
-GIT_EXTERN(int) git_cred_userpass_plaintext_new(
-	git_cred **out,
-	const char *username,
-	const char *password);
-
-/**
- * Create a "default" credential usable for Negotiate mechanisms like NTLM
- * or Kerberos authentication.
- *
- * @return 0 for success or an error code for failure
- */
-GIT_EXTERN(int) git_cred_default_new(git_cred **out);
-
-/**
- * Create a credential to specify a username.
- *
- * This is used with ssh authentication to query for the username if
- * none is specified in the url.
- */
-GIT_EXTERN(int) git_cred_username_new(git_cred **cred, const char *username);
-
-/**
- * Create a new passphrase-protected ssh key credential object.
- * The supplied credential parameter will be internally duplicated.
- *
- * @param out The newly created credential object.
- * @param username username to use to authenticate
- * @param publickey The path to the public key of the credential.
- * @param privatekey The path to the private key of the credential.
- * @param passphrase The passphrase of the credential.
- * @return 0 for success or an error code for failure
- */
-GIT_EXTERN(int) git_cred_ssh_key_new(
-	git_cred **out,
-	const char *username,
-	const char *publickey,
-	const char *privatekey,
-	const char *passphrase);
-
-/**
- * Create a new ssh key credential object reading the keys from memory.
- *
- * @param out The newly created credential object.
- * @param username username to use to authenticate.
- * @param publickey The public key of the credential.
- * @param privatekey The private key of the credential.
- * @param passphrase The passphrase of the credential.
- * @return 0 for success or an error code for failure
- */
-GIT_EXTERN(int) git_cred_ssh_key_memory_new(
-	git_cred **out,
-	const char *username,
-	const char *publickey,
-	const char *privatekey,
-	const char *passphrase);
-
-/*
- * If the user hasn't included libssh2.h before git2.h, we need to
- * define a few types for the callback signatures.
- */
-#ifndef LIBSSH2_VERSION
-typedef struct _LIBSSH2_SESSION LIBSSH2_SESSION;
-typedef struct _LIBSSH2_USERAUTH_KBDINT_PROMPT LIBSSH2_USERAUTH_KBDINT_PROMPT;
-typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE LIBSSH2_USERAUTH_KBDINT_RESPONSE;
-#endif
-
-typedef void GIT_CALLBACK(git_cred_ssh_interactive_cb)(
-	const char *name,
-	int name_len,
-	const char *instruction, int instruction_len,
-	int num_prompts, const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
-	LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
-	void **abstract);
-
-
-/**
- * Create a new ssh keyboard-interactive based credential object.
- * The supplied credential parameter will be internally duplicated.
- *
- * @param username Username to use to authenticate.
- * @param prompt_callback The callback method used for prompts.
- * @param payload Additional data to pass to the callback.
- * @return 0 for success or an error code for failure.
- */
-GIT_EXTERN(int) git_cred_ssh_interactive_new(
-	git_cred **out,
-	const char *username,
-	git_cred_ssh_interactive_cb prompt_callback,
-	void *payload);
-
-/**
- * Create a new ssh key credential object used for querying an ssh-agent.
- * The supplied credential parameter will be internally duplicated.
- *
- * @param out The newly created credential object.
- * @param username username to use to authenticate
- * @return 0 for success or an error code for failure
- */
-GIT_EXTERN(int) git_cred_ssh_key_from_agent(
-	git_cred **out,
-	const char *username);
-
-typedef int GIT_CALLBACK(git_cred_sign_cb)(
-	LIBSSH2_SESSION *session,
-	unsigned char **sig, size_t *sig_len,
-	const unsigned char *data, size_t data_len,
-	void **abstract);
-
-/**
- * Create an ssh key credential with a custom signing function.
- *
- * This lets you use your own function to sign the challenge.
- *
- * This function and its credential type is provided for completeness
- * and wraps `libssh2_userauth_publickey()`, which is undocumented.
- *
- * The supplied credential parameter will be internally duplicated.
- *
- * @param out The newly created credential object.
- * @param username username to use to authenticate
- * @param publickey The bytes of the public key.
- * @param publickey_len The length of the public key in bytes.
- * @param sign_callback The callback method to sign the data during the challenge.
- * @param payload Additional data to pass to the callback.
- * @return 0 for success or an error code for failure
- */
-GIT_EXTERN(int) git_cred_ssh_custom_new(
-	git_cred **out,
-	const char *username,
-	const char *publickey,
-	size_t publickey_len,
-	git_cred_sign_cb sign_callback,
-	void *payload);
-
-/** @} */
-GIT_END_DECL
-#endif
diff --git a/include/git2/cred_helpers.h b/include/git2/cred_helpers.h
index 1416d56..3721b6d 100644
--- a/include/git2/cred_helpers.h
+++ b/include/git2/cred_helpers.h
@@ -7,47 +7,9 @@
 #ifndef INCLUDE_git_cred_helpers_h__
 #define INCLUDE_git_cred_helpers_h__
 
-#include "transport.h"
-
-/**
- * @file git2/cred_helpers.h
- * @brief Utility functions for credential management
- * @defgroup git_cred_helpers credential management helpers
- * @ingroup Git
- * @{
- */
-GIT_BEGIN_DECL
-
-/**
- * Payload for git_cred_stock_userpass_plaintext.
- */
-typedef struct git_cred_userpass_payload {
-	const char *username;
-	const char *password;
-} git_cred_userpass_payload;
-
-
-/**
- * Stock callback usable as a git_cred_acquire_cb.  This calls
- * git_cred_userpass_plaintext_new unless the protocol has not specified
- * `GIT_CREDTYPE_USERPASS_PLAINTEXT` as an allowed type.
- *
- * @param cred The newly created credential object.
- * @param url The resource for which we are demanding a credential.
- * @param user_from_url The username that was embedded in a "user\@host"
- *                          remote url, or NULL if not included.
- * @param allowed_types A bitmask stating which cred types are OK to return.
- * @param payload The payload provided when specifying this callback.  (This is
- *        interpreted as a `git_cred_userpass_payload*`.)
- */
-GIT_EXTERN(int) git_cred_userpass(
-		git_cred **cred,
-		const char *url,
-		const char *user_from_url,
-		unsigned int allowed_types,
-		void *payload);
-
+/* These declarations have moved. */
+#ifndef GIT_DEPRECATE_HARD
+# include "git2/credential_helpers.h"
+#endif
 
-/** @} */
-GIT_END_DECL
 #endif
diff --git a/include/git2/credential.h b/include/git2/credential.h
new file mode 100644
index 0000000..9426a6e
--- /dev/null
+++ b/include/git2/credential.h
@@ -0,0 +1,314 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+#ifndef INCLUDE_git_credential_h__
+#define INCLUDE_git_credential_h__
+
+#include "common.h"
+
+/**
+ * @file git2/credential.h
+ * @brief Git authentication & credential management
+ * @defgroup git_credential Authentication & credential management
+ * @ingroup Git
+ * @{
+ */
+GIT_BEGIN_DECL
+
+/**
+ * Supported credential types
+ *
+ * This represents the various types of authentication methods supported by
+ * the library.
+ */
+typedef enum {
+	/**
+	 * A vanilla user/password request
+	 * @see git_credential_userpass_plaintext_new
+	 */
+	GIT_CREDENTIAL_USERPASS_PLAINTEXT = (1u << 0),
+
+	/**
+	 * An SSH key-based authentication request
+	 * @see git_credential_ssh_key_new
+	 */
+	GIT_CREDENTIAL_SSH_KEY = (1u << 1),
+
+	/**
+	 * An SSH key-based authentication request, with a custom signature
+	 * @see git_credential_ssh_custom_new
+	 */
+	GIT_CREDENTIAL_SSH_CUSTOM = (1u << 2),
+
+	/**
+	 * An NTLM/Negotiate-based authentication request.
+	 * @see git_credential_default
+	 */
+	GIT_CREDENTIAL_DEFAULT = (1u << 3),
+
+	/**
+	 * An SSH interactive authentication request
+	 * @see git_credential_ssh_interactive_new
+	 */
+	GIT_CREDENTIAL_SSH_INTERACTIVE = (1u << 4),
+
+	/**
+	 * Username-only authentication request
+	 *
+	 * Used as a pre-authentication step if the underlying transport
+	 * (eg. SSH, with no username in its URL) does not know which username
+	 * to use.
+	 *
+	 * @see git_credential_username_new
+	 */
+	GIT_CREDENTIAL_USERNAME = (1u << 5),
+
+	/**
+	 * An SSH key-based authentication request
+	 *
+	 * Allows credentials to be read from memory instead of files.
+	 * Note that because of differences in crypto backend support, it might
+	 * not be functional.
+	 *
+	 * @see git_credential_ssh_key_memory_new
+	 */
+	GIT_CREDENTIAL_SSH_MEMORY = (1u << 6),
+} git_credential_t;
+
+/**
+ * The base structure for all credential types
+ */
+typedef struct git_credential git_credential;
+
+typedef struct git_credential_userpass_plaintext git_credential_userpass_plaintext;
+
+/** Username-only credential information */
+typedef struct git_credential_username git_credential_username;
+
+/** A key for NTLM/Kerberos "default" credentials */
+typedef struct git_credential git_credential_default;
+
+/**
+ * A ssh key from disk
+ */
+typedef struct git_credential_ssh_key git_credential_ssh_key;
+
+/**
+ * Keyboard-interactive based ssh authentication
+ */
+typedef struct git_credential_ssh_interactive git_credential_ssh_interactive;
+
+/**
+ * A key with a custom signature function
+ */
+typedef struct git_credential_ssh_custom git_credential_ssh_custom;
+
+/**
+ * Credential acquisition callback.
+ *
+ * This callback is usually involved any time another system might need
+ * authentication. As such, you are expected to provide a valid
+ * git_credential object back, depending on allowed_types (a
+ * git_credential_t bitmask).
+ *
+ * Note that most authentication details are your responsibility - this
+ * callback will be called until the authentication succeeds, or you report
+ * an error. As such, it's easy to get in a loop if you fail to stop providing
+ * the same incorrect credentials.
+ *
+ * @param out The newly created credential object.
+ * @param url The resource for which we are demanding a credential.
+ * @param username_from_url The username that was embedded in a "user\@host"
+ *                          remote url, or NULL if not included.
+ * @param allowed_types A bitmask stating which credential types are OK to return.
+ * @param payload The payload provided when specifying this callback.
+ * @return 0 for success, < 0 to indicate an error, > 0 to indicate
+ *       no credential was acquired
+ */
+typedef int GIT_CALLBACK(git_credential_acquire_cb)(
+	git_credential **out,
+	const char *url,
+	const char *username_from_url,
+	unsigned int allowed_types,
+	void *payload);
+
+/**
+ * Free a credential.
+ *
+ * This is only necessary if you own the object; that is, if you are a
+ * transport.
+ *
+ * @param cred the object to free
+ */
+GIT_EXTERN(void) git_credential_free(git_credential *cred);
+
+/**
+ * Check whether a credential object contains username information.
+ *
+ * @param cred object to check
+ * @return 1 if the credential object has non-NULL username, 0 otherwise
+ */
+GIT_EXTERN(int) git_credential_has_username(git_credential *cred);
+
+/**
+ * Return the username associated with a credential object.
+ *
+ * @param cred object to check
+ * @return the credential username, or NULL if not applicable
+ */
+GIT_EXTERN(const char *) git_credential_get_username(git_credential *cred);
+
+/**
+ * Create a new plain-text username and password credential object.
+ * The supplied credential parameter will be internally duplicated.
+ *
+ * @param out The newly created credential object.
+ * @param username The username of the credential.
+ * @param password The password of the credential.
+ * @return 0 for success or an error code for failure
+ */
+GIT_EXTERN(int) git_credential_userpass_plaintext_new(
+	git_credential **out,
+	const char *username,
+	const char *password);
+
+/**
+ * Create a "default" credential usable for Negotiate mechanisms like NTLM
+ * or Kerberos authentication.
+ *
+ * @param out The newly created credential object.
+ * @return 0 for success or an error code for failure
+ */
+GIT_EXTERN(int) git_credential_default_new(git_credential **out);
+
+/**
+ * Create a credential to specify a username.
+ *
+ * This is used with ssh authentication to query for the username if
+ * none is specified in the url.
+ *
+ * @param out The newly created credential object.
+ * @param username The username to authenticate with
+ * @return 0 for success or an error code for failure
+ */
+GIT_EXTERN(int) git_credential_username_new(git_credential **out, const char *username);
+
+/**
+ * Create a new passphrase-protected ssh key credential object.
+ * The supplied credential parameter will be internally duplicated.
+ *
+ * @param out The newly created credential object.
+ * @param username username to use to authenticate
+ * @param publickey The path to the public key of the credential.
+ * @param privatekey The path to the private key of the credential.
+ * @param passphrase The passphrase of the credential.
+ * @return 0 for success or an error code for failure
+ */
+GIT_EXTERN(int) git_credential_ssh_key_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase);
+
+/**
+ * Create a new ssh key credential object reading the keys from memory.
+ *
+ * @param out The newly created credential object.
+ * @param username username to use to authenticate.
+ * @param publickey The public key of the credential.
+ * @param privatekey The private key of the credential.
+ * @param passphrase The passphrase of the credential.
+ * @return 0 for success or an error code for failure
+ */
+GIT_EXTERN(int) git_credential_ssh_key_memory_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase);
+
+/*
+ * If the user hasn't included libssh2.h before git2.h, we need to
+ * define a few types for the callback signatures.
+ */
+#ifndef LIBSSH2_VERSION
+typedef struct _LIBSSH2_SESSION LIBSSH2_SESSION;
+typedef struct _LIBSSH2_USERAUTH_KBDINT_PROMPT LIBSSH2_USERAUTH_KBDINT_PROMPT;
+typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE LIBSSH2_USERAUTH_KBDINT_RESPONSE;
+#endif
+
+typedef void GIT_CALLBACK(git_credential_ssh_interactive_cb)(
+	const char *name,
+	int name_len,
+	const char *instruction, int instruction_len,
+	int num_prompts, const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
+	LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
+	void **abstract);
+
+
+/**
+ * Create a new ssh keyboard-interactive based credential object.
+ * The supplied credential parameter will be internally duplicated.
+ *
+ * @param username Username to use to authenticate.
+ * @param prompt_callback The callback method used for prompts.
+ * @param payload Additional data to pass to the callback.
+ * @return 0 for success or an error code for failure.
+ */
+GIT_EXTERN(int) git_credential_ssh_interactive_new(
+	git_credential **out,
+	const char *username,
+	git_credential_ssh_interactive_cb prompt_callback,
+	void *payload);
+
+/**
+ * Create a new ssh key credential object used for querying an ssh-agent.
+ * The supplied credential parameter will be internally duplicated.
+ *
+ * @param out The newly created credential object.
+ * @param username username to use to authenticate
+ * @return 0 for success or an error code for failure
+ */
+GIT_EXTERN(int) git_credential_ssh_key_from_agent(
+	git_credential **out,
+	const char *username);
+
+typedef int GIT_CALLBACK(git_credential_sign_cb)(
+	LIBSSH2_SESSION *session,
+	unsigned char **sig, size_t *sig_len,
+	const unsigned char *data, size_t data_len,
+	void **abstract);
+
+/**
+ * Create an ssh key credential with a custom signing function.
+ *
+ * This lets you use your own function to sign the challenge.
+ *
+ * This function and its credential type is provided for completeness
+ * and wraps `libssh2_userauth_publickey()`, which is undocumented.
+ *
+ * The supplied credential parameter will be internally duplicated.
+ *
+ * @param out The newly created credential object.
+ * @param username username to use to authenticate
+ * @param publickey The bytes of the public key.
+ * @param publickey_len The length of the public key in bytes.
+ * @param sign_callback The callback method to sign the data during the challenge.
+ * @param payload Additional data to pass to the callback.
+ * @return 0 for success or an error code for failure
+ */
+GIT_EXTERN(int) git_credential_ssh_custom_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	size_t publickey_len,
+	git_credential_sign_cb sign_callback,
+	void *payload);
+
+/** @} */
+GIT_END_DECL
+#endif
diff --git a/include/git2/credential_helpers.h b/include/git2/credential_helpers.h
new file mode 100644
index 0000000..9a70ecb
--- /dev/null
+++ b/include/git2/credential_helpers.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+#ifndef INCLUDE_git_credential_helpers_h__
+#define INCLUDE_git_credential_helpers_h__
+
+#include "transport.h"
+
+/**
+ * @file git2/credential_helpers.h
+ * @brief Utility functions for credential management
+ * @defgroup git_credential_helpers credential management helpers
+ * @ingroup Git
+ * @{
+ */
+GIT_BEGIN_DECL
+
+/**
+ * Payload for git_credential_userpass_plaintext.
+ */
+typedef struct git_credential_userpass_payload {
+	const char *username;
+	const char *password;
+} git_credential_userpass_payload;
+
+
+/**
+ * Stock callback usable as a git_credential_acquire_cb.  This calls
+ * git_cred_userpass_plaintext_new unless the protocol has not specified
+ * `GIT_CREDENTIAL_USERPASS_PLAINTEXT` as an allowed type.
+ *
+ * @param out The newly created credential object.
+ * @param url The resource for which we are demanding a credential.
+ * @param user_from_url The username that was embedded in a "user\@host"
+ *                          remote url, or NULL if not included.
+ * @param allowed_types A bitmask stating which credential types are OK to return.
+ * @param payload The payload provided when specifying this callback.  (This is
+ *        interpreted as a `git_credential_userpass_payload*`.)
+ */
+GIT_EXTERN(int) git_credential_userpass(
+		git_credential **out,
+		const char *url,
+		const char *user_from_url,
+		unsigned int allowed_types,
+		void *payload);
+
+/** @} */
+GIT_END_DECL
+#endif
diff --git a/include/git2/deprecated.h b/include/git2/deprecated.h
index 7eb21dc..61d0115 100644
--- a/include/git2/deprecated.h
+++ b/include/git2/deprecated.h
@@ -33,6 +33,8 @@
 #include "status.h"
 #include "submodule.h"
 #include "worktree.h"
+#include "credential.h"
+#include "credential_helpers.h"
 
 /*
  * Users can avoid deprecated functions by defining `GIT_DEPRECATE_HARD`.
@@ -359,7 +361,7 @@ GIT_EXTERN(int) git_tag_create_frombuffer(
 
 /**@}*/
 
-/** @name Deprecated Credential Callback Types
+/** @name Deprecated Credential Types
  *
  * These types are retained for backward compatibility.  The newer
  * versions of these values should be preferred in all new code.
@@ -368,8 +370,77 @@ GIT_EXTERN(int) git_tag_create_frombuffer(
  * this time.
  */
 
-typedef git_cred_sign_cb git_cred_sign_callback;
-typedef git_cred_ssh_interactive_cb git_cred_ssh_interactive_callback;
+typedef git_credential git_cred;
+typedef git_credential_userpass_plaintext git_cred_userpass_plaintext;
+typedef git_credential_username git_cred_username;
+typedef git_credential_default git_cred_default;
+typedef git_credential_ssh_key git_cred_ssh_key;
+typedef git_credential_ssh_interactive git_cred_ssh_interactive;
+typedef git_credential_ssh_custom git_cred_ssh_custom;
+
+typedef git_credential_acquire_cb git_cred_acquire_cb;
+typedef git_credential_sign_cb git_cred_sign_callback;
+typedef git_credential_sign_cb git_cred_sign_cb;
+typedef git_credential_ssh_interactive_cb git_cred_ssh_interactive_callback;
+typedef git_credential_ssh_interactive_cb git_cred_ssh_interactive_cb;
+
+#define git_credtype_t git_credential_t
+
+#define GIT_CREDTYPE_USERPASS_PLAINTEXT GIT_CREDENTIAL_USERPASS_PLAINTEXT
+#define GIT_CREDTYPE_SSH_KEY GIT_CREDENTIAL_SSH_KEY
+#define GIT_CREDTYPE_SSH_CUSTOM GIT_CREDENTIAL_SSH_CUSTOM
+#define GIT_CREDTYPE_DEFAULT GIT_CREDENTIAL_DEFAULT
+#define GIT_CREDTYPE_SSH_INTERACTIVE GIT_CREDENTIAL_SSH_INTERACTIVE
+#define GIT_CREDTYPE_USERNAME GIT_CREDENTIAL_USERNAME
+#define GIT_CREDTYPE_SSH_MEMORY GIT_CREDENTIAL_SSH_MEMORY
+
+GIT_EXTERN(void) git_cred_free(git_credential *cred);
+GIT_EXTERN(int) git_cred_has_username(git_credential *cred);
+GIT_EXTERN(const char *) git_cred_get_username(git_credential *cred);
+GIT_EXTERN(int) git_cred_userpass_plaintext_new(
+	git_credential **out,
+	const char *username,
+	const char *password);
+GIT_EXTERN(int) git_cred_default_new(git_credential **out);
+GIT_EXTERN(int) git_cred_username_new(git_credential **out, const char *username);
+GIT_EXTERN(int) git_cred_ssh_key_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase);
+GIT_EXTERN(int) git_cred_ssh_key_memory_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase);
+GIT_EXTERN(int) git_cred_ssh_interactive_new(
+	git_credential **out,
+	const char *username,
+	git_credential_ssh_interactive_cb prompt_callback,
+	void *payload);
+GIT_EXTERN(int) git_cred_ssh_key_from_agent(
+	git_credential **out,
+	const char *username);
+GIT_EXTERN(int) git_cred_ssh_custom_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	size_t publickey_len,
+	git_credential_sign_cb sign_callback,
+	void *payload);
+
+/* Deprecated Credential Helper Types */
+
+typedef git_credential_userpass_payload git_cred_userpass_payload;
+
+GIT_EXTERN(int) git_cred_userpass(
+	git_credential **out,
+	const char *url,
+	const char *user_from_url,
+	unsigned int allowed_types,
+	void *payload);
 
 /**@}*/
 
diff --git a/include/git2/proxy.h b/include/git2/proxy.h
index f959ae2..653425d 100644
--- a/include/git2/proxy.h
+++ b/include/git2/proxy.h
@@ -10,7 +10,7 @@
 #include "common.h"
 
 #include "cert.h"
-#include "cred.h"
+#include "credential.h"
 
 GIT_BEGIN_DECL
 
@@ -61,7 +61,7 @@ typedef struct {
 	 * Returning GIT_PASSTHROUGH will make libgit2 behave as
 	 * though this field isn't set.
 	 */
-	git_cred_acquire_cb credentials;
+	git_credential_acquire_cb credentials;
 
 	/**
 	 * If cert verification fails, this will be called to let the
diff --git a/include/git2/remote.h b/include/git2/remote.h
index a6ed4cb..51d9c72 100644
--- a/include/git2/remote.h
+++ b/include/git2/remote.h
@@ -519,7 +519,7 @@ struct git_remote_callbacks {
 	 * Returning GIT_PASSTHROUGH will make libgit2 behave as
 	 * though this field isn't set.
 	 */
-	git_cred_acquire_cb credentials;
+	git_credential_acquire_cb credentials;
 
 	/**
 	 * If cert verification fails, this will be called to let the
diff --git a/include/git2/sys/cred.h b/include/git2/sys/cred.h
index 7636e79..4d2a59a 100644
--- a/include/git2/sys/cred.h
+++ b/include/git2/sys/cred.h
@@ -7,84 +7,9 @@
 #ifndef INCLUDE_sys_git_cred_h__
 #define INCLUDE_sys_git_cred_h__
 
-#include "git2/common.h"
-#include "git2/cred.h"
-
-/**
- * @file git2/sys/cred.h
- * @brief Git credentials low-level implementation
- * @defgroup git_cred Git credentials low-level implementation
- * @ingroup Git
- * @{
- */
-GIT_BEGIN_DECL
-
-/**
- * The base structure for all credential types
- */
-struct git_cred {
-	git_credtype_t credtype; /**< A type of credential */
-
-	/** The deallocator for this type of credentials */
-	void GIT_CALLBACK(free)(git_cred *cred);
-};
-
-/** A plaintext username and password */
-struct git_cred_userpass_plaintext {
-	git_cred parent; /**< The parent cred */
-	char *username; /**< The username to authenticate as */
-	char *password; /**< The password to use */
-};
-
-/** Username-only credential information */
-struct git_cred_username {
-	git_cred parent; /**< The parent cred */
-	char username[1]; /**< The username to authenticate as */
-};
-
-/**
- * A ssh key from disk
- */
-struct git_cred_ssh_key {
-	git_cred parent; /**< The parent cred */
-	char *username; /**< The username to authenticate as */
-	char *publickey; /**< The path to a public key */
-	char *privatekey; /**< The path to a private key */
-	char *passphrase; /**< Passphrase used to decrypt the private key */
-};
-
-/**
- * Keyboard-interactive based ssh authentication
- */
-struct git_cred_ssh_interactive {
-	git_cred parent; /**< The parent cred */
-	char *username; /**< The username to authenticate as */
-
-	/**
-	 * Callback used for authentication.
-	 */
-	git_cred_ssh_interactive_cb prompt_callback;
-
-	void *payload; /**< Payload passed to prompt_callback */
-};
-
-/**
- * A key with a custom signature function
- */
-struct git_cred_ssh_custom {
-	git_cred parent; /**< The parent cred */
-	char *username; /**< The username to authenticate as */
-	char *publickey; /**< The public key data */
-	size_t publickey_len; /**< Length of the public key */
-
-	/**
-	 * Callback used to sign the data.
-	 */
-	git_cred_sign_cb sign_callback;
-
-	void *payload; /**< Payload passed to prompt_callback */
-};
-
-GIT_END_DECL
+/* These declarations have moved. */
+#ifndef GIT_DEPRECATE_HARD
+# include "git2/sys/credential.h"
+#endif
 
 #endif
diff --git a/include/git2/sys/credential.h b/include/git2/sys/credential.h
new file mode 100644
index 0000000..bb4c9f9
--- /dev/null
+++ b/include/git2/sys/credential.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+#ifndef INCLUDE_sys_git_credential_h__
+#define INCLUDE_sys_git_credential_h__
+
+#include "git2/common.h"
+#include "git2/credential.h"
+
+/**
+ * @file git2/sys/cred.h
+ * @brief Git credentials low-level implementation
+ * @defgroup git_credential Git credentials low-level implementation
+ * @ingroup Git
+ * @{
+ */
+GIT_BEGIN_DECL
+
+/**
+ * The base structure for all credential types
+ */
+struct git_credential {
+	git_credential_t credtype; /**< A type of credential */
+
+	/** The deallocator for this type of credentials */
+	void GIT_CALLBACK(free)(git_credential *cred);
+};
+
+/** A plaintext username and password */
+struct git_credential_userpass_plaintext {
+	git_credential parent; /**< The parent credential */
+	char *username;        /**< The username to authenticate as */
+	char *password;        /**< The password to use */
+};
+
+/** Username-only credential information */
+struct git_credential_username {
+	git_credential parent; /**< The parent credential */
+	char username[1];      /**< The username to authenticate as */
+};
+
+/**
+ * A ssh key from disk
+ */
+struct git_credential_ssh_key {
+	git_credential parent; /**< The parent credential */
+	char *username;        /**< The username to authenticate as */
+	char *publickey;       /**< The path to a public key */
+	char *privatekey;      /**< The path to a private key */
+	char *passphrase;      /**< Passphrase to decrypt the private key */
+};
+
+/**
+ * Keyboard-interactive based ssh authentication
+ */
+struct git_credential_ssh_interactive {
+	git_credential parent; /**< The parent credential */
+	char *username;        /**< The username to authenticate as */
+
+	/**
+	 * Callback used for authentication.
+	 */
+	git_credential_ssh_interactive_cb prompt_callback;
+
+	void *payload;         /**< Payload passed to prompt_callback */
+};
+
+/**
+ * A key with a custom signature function
+ */
+struct git_credential_ssh_custom {
+	git_credential parent; /**< The parent credential */
+	char *username;        /**< The username to authenticate as */
+	char *publickey;       /**< The public key data */
+	size_t publickey_len;  /**< Length of the public key */
+
+	/**
+	 * Callback used to sign the data.
+	 */
+	git_credential_sign_cb sign_callback;
+
+	void *payload;         /**< Payload passed to prompt_callback */
+};
+
+GIT_END_DECL
+
+#endif
diff --git a/include/git2/sys/transport.h b/include/git2/sys/transport.h
index d7c7313..6cee42f 100644
--- a/include/git2/sys/transport.h
+++ b/include/git2/sys/transport.h
@@ -55,7 +55,7 @@ struct git_transport {
 	int GIT_CALLBACK(connect)(
 		git_transport *transport,
 		const char *url,
-		git_cred_acquire_cb cred_acquire_cb,
+		git_credential_acquire_cb cred_acquire_cb,
 		void *cred_acquire_payload,
 		const git_proxy_options *proxy_opts,
 		int direction,
@@ -266,7 +266,7 @@ GIT_EXTERN(int) git_transport_smart_certificate_check(git_transport *transport, 
  *         refused to provide credentials and callers should behave as if no
  *         callback was set), or < 0 for an error
  */
-GIT_EXTERN(int) git_transport_smart_credentials(git_cred **out, git_transport *transport, const char *user, int methods);
+GIT_EXTERN(int) git_transport_smart_credentials(git_credential **out, git_transport *transport, const char *user, int methods);
 
 /**
  * Get a copy of the proxy options
diff --git a/include/git2/transport.h b/include/git2/transport.h
index b99bb30..fc99ce8 100644
--- a/include/git2/transport.h
+++ b/include/git2/transport.h
@@ -11,7 +11,7 @@
 #include "net.h"
 #include "types.h"
 #include "cert.h"
-#include "cred.h"
+#include "credential.h"
 
 /**
  * @file git2/transport.h
diff --git a/src/remote.c b/src/remote.c
index e65d036..740dd94 100644
--- a/src/remote.c
+++ b/src/remote.c
@@ -710,7 +710,7 @@ int git_remote__connect(git_remote *remote, git_direction direction, const git_r
 	int flags = GIT_TRANSPORTFLAGS_NONE;
 	int error;
 	void *payload = NULL;
-	git_cred_acquire_cb credentials = NULL;
+	git_credential_acquire_cb credentials = NULL;
 	git_transport_cb transport = NULL;
 
 	assert(remote);
diff --git a/src/transports/auth.c b/src/transports/auth.c
index b5f9b40..4aa3df0 100644
--- a/src/transports/auth.c
+++ b/src/transports/auth.c
@@ -9,25 +9,25 @@
 
 #include "git2.h"
 #include "buffer.h"
-#include "git2/sys/cred.h"
+#include "git2/sys/credential.h"
 
 static int basic_next_token(
 	git_buf *out,
 	git_http_auth_context *ctx,
-	git_cred *c)
+	git_credential *c)
 {
-	git_cred_userpass_plaintext *cred;
+	git_credential_userpass_plaintext *cred;
 	git_buf raw = GIT_BUF_INIT;
 	int error = -1;
 
 	GIT_UNUSED(ctx);
 
-	if (c->credtype != GIT_CREDTYPE_USERPASS_PLAINTEXT) {
+	if (c->credtype != GIT_CREDENTIAL_USERPASS_PLAINTEXT) {
 		git_error_set(GIT_ERROR_INVALID, "invalid credential type for basic auth");
 		goto on_error;
 	}
 
-	cred = (git_cred_userpass_plaintext *)c;
+	cred = (git_credential_userpass_plaintext *)c;
 
 	git_buf_printf(&raw, "%s:%s", cred->username, cred->password);
 
@@ -48,7 +48,7 @@ on_error:
 
 static git_http_auth_context basic_context = {
 	GIT_HTTP_AUTH_BASIC,
-	GIT_CREDTYPE_USERPASS_PLAINTEXT,
+	GIT_CREDENTIAL_USERPASS_PLAINTEXT,
 	0,
 	NULL,
 	basic_next_token,
diff --git a/src/transports/auth.h b/src/transports/auth.h
index 7624676..9caac46 100644
--- a/src/transports/auth.h
+++ b/src/transports/auth.h
@@ -26,7 +26,7 @@ struct git_http_auth_context {
 	git_http_auth_t type;
 
 	/** Supported credentials */
-	git_credtype_t credtypes;
+	git_credential_t credtypes;
 
 	/** Connection affinity or request affinity */
 	unsigned connection_affinity : 1;
@@ -35,7 +35,7 @@ struct git_http_auth_context {
 	int (*set_challenge)(git_http_auth_context *ctx, const char *challenge);
 
 	/** Gets the next authentication token from the context */
-	int (*next_token)(git_buf *out, git_http_auth_context *ctx, git_cred *cred);
+	int (*next_token)(git_buf *out, git_http_auth_context *ctx, git_credential *cred);
 
 	/** Examines if all tokens have been presented. */
 	int (*is_complete)(git_http_auth_context *ctx);
@@ -52,7 +52,7 @@ typedef struct {
 	const char *name;
 
 	/** Credential types this scheme supports */
-	git_credtype_t credtypes;
+	git_credential_t credtypes;
 
 	/** Function to initialize an authentication context */
 	int (*init_context)(
diff --git a/src/transports/auth_negotiate.c b/src/transports/auth_negotiate.c
index 8fa44cd..8a614b8 100644
--- a/src/transports/auth_negotiate.c
+++ b/src/transports/auth_negotiate.c
@@ -12,7 +12,7 @@
 #include "git2.h"
 #include "buffer.h"
 #include "auth.h"
-#include "git2/sys/cred.h"
+#include "git2/sys/credential.h"
 
 #ifdef GIT_GSSFRAMEWORK
 #import <GSS/GSS.h>
@@ -94,7 +94,7 @@ static void negotiate_context_dispose(http_auth_negotiate_context *ctx)
 static int negotiate_next_token(
 	git_buf *buf,
 	git_http_auth_context *c,
-	git_cred *cred)
+	git_credential *cred)
 {
 	http_auth_negotiate_context *ctx = (http_auth_negotiate_context *)c;
 	OM_uint32 status_major, status_minor;
@@ -108,7 +108,7 @@ static int negotiate_next_token(
 	size_t challenge_len;
 	int error = 0;
 
-	assert(buf && ctx && ctx->configured && cred && cred->credtype == GIT_CREDTYPE_DEFAULT);
+	assert(buf && ctx && ctx->configured && cred && cred->credtype == GIT_CREDENTIAL_DEFAULT);
 
 	if (ctx->complete)
 		return 0;
@@ -292,7 +292,7 @@ int git_http_auth_negotiate(
 	}
 
 	ctx->parent.type = GIT_HTTP_AUTH_NEGOTIATE;
-	ctx->parent.credtypes = GIT_CREDTYPE_DEFAULT;
+	ctx->parent.credtypes = GIT_CREDENTIAL_DEFAULT;
 	ctx->parent.connection_affinity = 1;
 	ctx->parent.set_challenge = negotiate_set_challenge;
 	ctx->parent.next_token = negotiate_next_token;
diff --git a/src/transports/auth_ntlm.c b/src/transports/auth_ntlm.c
index 7d9c597..02a861f 100644
--- a/src/transports/auth_ntlm.c
+++ b/src/transports/auth_ntlm.c
@@ -10,7 +10,7 @@
 #include "buffer.h"
 #include "auth.h"
 #include "auth_ntlm.h"
-#include "git2/sys/cred.h"
+#include "git2/sys/credential.h"
 
 #ifdef GIT_NTLM
 
@@ -39,15 +39,15 @@ static int ntlm_set_challenge(
 	return 0;
 }
 
-static int ntlm_set_credentials(http_auth_ntlm_context *ctx, git_cred *_cred)
+static int ntlm_set_credentials(http_auth_ntlm_context *ctx, git_credential *_cred)
 {
-	git_cred_userpass_plaintext *cred;
+	git_credential_userpass_plaintext *cred;
 	const char *sep, *username;
 	char *domain = NULL, *domainuser = NULL;
 	int error = 0;
 
-	assert(_cred->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT);
-	cred = (git_cred_userpass_plaintext *)_cred;
+	assert(_cred->credtype == GIT_CREDENTIAL_USERPASS_PLAINTEXT);
+	cred = (git_credential_userpass_plaintext *)_cred;
 
 	if ((sep = strchr(cred->username, '\\')) != NULL) {
 		domain = strndup(cred->username, (sep - cred->username));
@@ -78,7 +78,7 @@ done:
 static int ntlm_next_token(
 	git_buf *buf,
 	git_http_auth_context *c,
-	git_cred *cred)
+	git_credential *cred)
 {
 	http_auth_ntlm_context *ctx = (http_auth_ntlm_context *)c;
 	git_buf input_buf = GIT_BUF_INIT;
@@ -208,7 +208,7 @@ int git_http_auth_ntlm(
 	}
 
 	ctx->parent.type = GIT_HTTP_AUTH_NTLM;
-	ctx->parent.credtypes = GIT_CREDTYPE_USERPASS_PLAINTEXT;
+	ctx->parent.credtypes = GIT_CREDENTIAL_USERPASS_PLAINTEXT;
 	ctx->parent.connection_affinity = 1;
 	ctx->parent.set_challenge = ntlm_set_challenge;
 	ctx->parent.next_token = ntlm_next_token;
diff --git a/src/transports/cred.c b/src/transports/cred.c
deleted file mode 100644
index 80c4d36..0000000
--- a/src/transports/cred.c
+++ /dev/null
@@ -1,390 +0,0 @@
-/*
- * Copyright (C) the libgit2 contributors. All rights reserved.
- *
- * This file is part of libgit2, distributed under the GNU GPL v2 with
- * a Linking Exception. For full terms see the included COPYING file.
- */
-
-#include "common.h"
-
-#include "git2/cred.h"
-#include "git2/sys/cred.h"
-#include "git2/cred_helpers.h"
-
-static int git_cred_ssh_key_type_new(
-	git_cred **cred,
-	const char *username,
-	const char *publickey,
-	const char *privatekey,
-	const char *passphrase,
-	git_credtype_t credtype);
-
-int git_cred_has_username(git_cred *cred)
-{
-	if (cred->credtype == GIT_CREDTYPE_DEFAULT)
-		return 0;
-
-	return 1;
-}
-
-const char *git_cred_get_username(git_cred *cred)
-{
-	switch (cred->credtype) {
-	case GIT_CREDTYPE_USERNAME:
-	{
-		git_cred_username *c = (git_cred_username *) cred;
-		return c->username;
-	}
-	case GIT_CREDTYPE_USERPASS_PLAINTEXT:
-	{
-		git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *) cred;
-		return c->username;
-	}
-	case GIT_CREDTYPE_SSH_KEY:
-	case GIT_CREDTYPE_SSH_MEMORY:
-	{
-		git_cred_ssh_key *c = (git_cred_ssh_key *) cred;
-		return c->username;
-	}
-	case GIT_CREDTYPE_SSH_CUSTOM:
-	{
-		git_cred_ssh_custom *c = (git_cred_ssh_custom *) cred;
-		return c->username;
-	}
-	case GIT_CREDTYPE_SSH_INTERACTIVE:
-	{
-		git_cred_ssh_interactive *c = (git_cred_ssh_interactive *) cred;
-		return c->username;
-	}
-
-	default:
-		return NULL;
-	}
-}
-
-static void plaintext_free(struct git_cred *cred)
-{
-	git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred;
-
-	git__free(c->username);
-
-	/* Zero the memory which previously held the password */
-	if (c->password) {
-		size_t pass_len = strlen(c->password);
-		git__memzero(c->password, pass_len);
-		git__free(c->password);
-	}
-
-	git__free(c);
-}
-
-int git_cred_userpass_plaintext_new(
-	git_cred **cred,
-	const char *username,
-	const char *password)
-{
-	git_cred_userpass_plaintext *c;
-
-	assert(cred && username && password);
-
-	c = git__malloc(sizeof(git_cred_userpass_plaintext));
-	GIT_ERROR_CHECK_ALLOC(c);
-
-	c->parent.credtype = GIT_CREDTYPE_USERPASS_PLAINTEXT;
-	c->parent.free = plaintext_free;
-	c->username = git__strdup(username);
-
-	if (!c->username) {
-		git__free(c);
-		return -1;
-	}
-
-	c->password = git__strdup(password);
-
-	if (!c->password) {
-		git__free(c->username);
-		git__free(c);
-		return -1;
-	}
-
-	*cred = &c->parent;
-	return 0;
-}
-
-static void ssh_key_free(struct git_cred *cred)
-{
-	git_cred_ssh_key *c =
-		(git_cred_ssh_key *)cred;
-
-	git__free(c->username);
-
-	if (c->privatekey) {
-		/* Zero the memory which previously held the private key */
-		size_t key_len = strlen(c->privatekey);
-		git__memzero(c->privatekey, key_len);
-		git__free(c->privatekey);
-	}
-
-	if (c->passphrase) {
-		/* Zero the memory which previously held the passphrase */
-		size_t pass_len = strlen(c->passphrase);
-		git__memzero(c->passphrase, pass_len);
-		git__free(c->passphrase);
-	}
-
-	if (c->publickey) {
-		/* Zero the memory which previously held the public key */
-		size_t key_len = strlen(c->publickey);
-		git__memzero(c->publickey, key_len);
-		git__free(c->publickey);
-	}
-
-	git__free(c);
-}
-
-static void ssh_interactive_free(struct git_cred *cred)
-{
-	git_cred_ssh_interactive *c = (git_cred_ssh_interactive *)cred;
-
-	git__free(c->username);
-
-	git__free(c);
-}
-
-static void ssh_custom_free(struct git_cred *cred)
-{
-	git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred;
-
-	git__free(c->username);
-
-	if (c->publickey) {
-		/* Zero the memory which previously held the publickey */
-		size_t key_len = strlen(c->publickey);
-		git__memzero(c->publickey, key_len);
-		git__free(c->publickey);
-	}
-
-	git__free(c);
-}
-
-static void default_free(struct git_cred *cred)
-{
-	git_cred_default *c = (git_cred_default *)cred;
-
-	git__free(c);
-}
-
-static void username_free(struct git_cred *cred)
-{
-	git__free(cred);
-}
-
-int git_cred_ssh_key_new(
-	git_cred **cred,
-	const char *username,
-	const char *publickey,
-	const char *privatekey,
-	const char *passphrase)
-{
-	return git_cred_ssh_key_type_new(
-		cred,
-		username,
-		publickey,
-		privatekey,
-		passphrase,
-		GIT_CREDTYPE_SSH_KEY);
-}
-
-int git_cred_ssh_key_memory_new(
-	git_cred **cred,
-	const char *username,
-	const char *publickey,
-	const char *privatekey,
-	const char *passphrase)
-{
-#ifdef GIT_SSH_MEMORY_CREDENTIALS
-	return git_cred_ssh_key_type_new(
-		cred,
-		username,
-		publickey,
-		privatekey,
-		passphrase,
-		GIT_CREDTYPE_SSH_MEMORY);
-#else
-	GIT_UNUSED(cred);
-	GIT_UNUSED(username);
-	GIT_UNUSED(publickey);
-	GIT_UNUSED(privatekey);
-	GIT_UNUSED(passphrase);
-
-	git_error_set(GIT_ERROR_INVALID,
-		"this version of libgit2 was not built with ssh memory credentials.");
-	return -1;
-#endif
-}
-
-static int git_cred_ssh_key_type_new(
-	git_cred **cred,
-	const char *username,
-	const char *publickey,
-	const char *privatekey,
-	const char *passphrase,
-	git_credtype_t credtype)
-{
-	git_cred_ssh_key *c;
-
-	assert(username && cred && privatekey);
-
-	c = git__calloc(1, sizeof(git_cred_ssh_key));
-	GIT_ERROR_CHECK_ALLOC(c);
-
-	c->parent.credtype = credtype;
-	c->parent.free = ssh_key_free;
-
-	c->username = git__strdup(username);
-	GIT_ERROR_CHECK_ALLOC(c->username);
-
-	c->privatekey = git__strdup(privatekey);
-	GIT_ERROR_CHECK_ALLOC(c->privatekey);
-
-	if (publickey) {
-		c->publickey = git__strdup(publickey);
-		GIT_ERROR_CHECK_ALLOC(c->publickey);
-	}
-
-	if (passphrase) {
-		c->passphrase = git__strdup(passphrase);
-		GIT_ERROR_CHECK_ALLOC(c->passphrase);
-	}
-
-	*cred = &c->parent;
-	return 0;
-}
-
-int git_cred_ssh_interactive_new(
-	git_cred **out,
-	const char *username,
-	git_cred_ssh_interactive_cb prompt_callback,
-	void *payload)
-{
-	git_cred_ssh_interactive *c;
-
-	assert(out && username && prompt_callback);
-
-	c = git__calloc(1, sizeof(git_cred_ssh_interactive));
-	GIT_ERROR_CHECK_ALLOC(c);
-
-	c->parent.credtype = GIT_CREDTYPE_SSH_INTERACTIVE;
-	c->parent.free = ssh_interactive_free;
-
-	c->username = git__strdup(username);
-	GIT_ERROR_CHECK_ALLOC(c->username);
-
-	c->prompt_callback = prompt_callback;
-	c->payload = payload;
-
-	*out = &c->parent;
-	return 0;
-}
-
-int git_cred_ssh_key_from_agent(git_cred **cred, const char *username) {
-	git_cred_ssh_key *c;
-
-	assert(username && cred);
-
-	c = git__calloc(1, sizeof(git_cred_ssh_key));
-	GIT_ERROR_CHECK_ALLOC(c);
-
-	c->parent.credtype = GIT_CREDTYPE_SSH_KEY;
-	c->parent.free = ssh_key_free;
-
-	c->username = git__strdup(username);
-	GIT_ERROR_CHECK_ALLOC(c->username);
-
-	c->privatekey = NULL;
-
-	*cred = &c->parent;
-	return 0;
-}
-
-int git_cred_ssh_custom_new(
-	git_cred **cred,
-	const char *username,
-	const char *publickey,
-	size_t publickey_len,
-	git_cred_sign_cb sign_callback,
-	void *payload)
-{
-	git_cred_ssh_custom *c;
-
-	assert(username && cred);
-
-	c = git__calloc(1, sizeof(git_cred_ssh_custom));
-	GIT_ERROR_CHECK_ALLOC(c);
-
-	c->parent.credtype = GIT_CREDTYPE_SSH_CUSTOM;
-	c->parent.free = ssh_custom_free;
-
-	c->username = git__strdup(username);
-	GIT_ERROR_CHECK_ALLOC(c->username);
-
-	if (publickey_len > 0) {
-		c->publickey = git__malloc(publickey_len);
-		GIT_ERROR_CHECK_ALLOC(c->publickey);
-
-		memcpy(c->publickey, publickey, publickey_len);
-	}
-
-	c->publickey_len = publickey_len;
-	c->sign_callback = sign_callback;
-	c->payload = payload;
-
-	*cred = &c->parent;
-	return 0;
-}
-
-int git_cred_default_new(git_cred **cred)
-{
-	git_cred_default *c;
-
-	assert(cred);
-
-	c = git__calloc(1, sizeof(git_cred_default));
-	GIT_ERROR_CHECK_ALLOC(c);
-
-	c->credtype = GIT_CREDTYPE_DEFAULT;
-	c->free = default_free;
-
-	*cred = c;
-	return 0;
-}
-
-int git_cred_username_new(git_cred **cred, const char *username)
-{
-	git_cred_username *c;
-	size_t len, allocsize;
-
-	assert(cred);
-
-	len = strlen(username);
-
-	GIT_ERROR_CHECK_ALLOC_ADD(&allocsize, sizeof(git_cred_username), len);
-	GIT_ERROR_CHECK_ALLOC_ADD(&allocsize, allocsize, 1);
-	c = git__malloc(allocsize);
-	GIT_ERROR_CHECK_ALLOC(c);
-
-	c->parent.credtype = GIT_CREDTYPE_USERNAME;
-	c->parent.free = username_free;
-	memcpy(c->username, username, len + 1);
-
-	*cred = (git_cred *) c;
-	return 0;
-}
-
-void git_cred_free(git_cred *cred)
-{
-	if (!cred)
-		return;
-
-	cred->free(cred);
-}
diff --git a/src/transports/cred_helpers.c b/src/transports/cred_helpers.c
deleted file mode 100644
index fdc56b1..0000000
--- a/src/transports/cred_helpers.c
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Copyright (C) the libgit2 contributors. All rights reserved.
- *
- * This file is part of libgit2, distributed under the GNU GPL v2 with
- * a Linking Exception. For full terms see the included COPYING file.
- */
-
-#include "common.h"
-
-#include "git2/cred_helpers.h"
-
-int git_cred_userpass(
-		git_cred **cred,
-		const char *url,
-		const char *user_from_url,
-		unsigned int allowed_types,
-		void *payload)
-{
-	git_cred_userpass_payload *userpass = (git_cred_userpass_payload*)payload;
-	const char *effective_username = NULL;
-
-	GIT_UNUSED(url);
-
-	if (!userpass || !userpass->password) return -1;
-
-	/* Username resolution: a username can be passed with the URL, the
-	 * credentials payload, or both. Here's what we do.  Note that if we get
-	 * this far, we know that any password the url may contain has already
-	 * failed at least once, so we ignore it.
-	 *
-	 * |  Payload    |   URL    |   Used    |
-	 * +-------------+----------+-----------+
-	 * |    yes      |   no     |  payload  |
-	 * |    yes      |   yes    |  payload  |
-	 * |    no       |   yes    |  url      |
-	 * |    no       |   no     |  FAIL     |
-	 */
-	if (userpass->username)
-		effective_username = userpass->username;
-	else if (user_from_url)
-		effective_username = user_from_url;
-	else
-		return -1;
-
-	if (GIT_CREDTYPE_USERNAME & allowed_types)
-		return git_cred_username_new(cred, effective_username);
-
-	if ((GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) == 0 ||
-			git_cred_userpass_plaintext_new(cred, effective_username, userpass->password) < 0)
-		return -1;
-
-	return 0;
-}
diff --git a/src/transports/credential.c b/src/transports/credential.c
new file mode 100644
index 0000000..0cf50a0
--- /dev/null
+++ b/src/transports/credential.c
@@ -0,0 +1,476 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "common.h"
+
+#include "git2/credential.h"
+#include "git2/sys/credential.h"
+#include "git2/credential_helpers.h"
+
+static int git_credential_ssh_key_type_new(
+	git_credential **cred,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase,
+	git_credential_t credtype);
+
+int git_credential_has_username(git_credential *cred)
+{
+	if (cred->credtype == GIT_CREDENTIAL_DEFAULT)
+		return 0;
+
+	return 1;
+}
+
+const char *git_credential_get_username(git_credential *cred)
+{
+	switch (cred->credtype) {
+	case GIT_CREDENTIAL_USERNAME:
+	{
+		git_credential_username *c = (git_credential_username *) cred;
+		return c->username;
+	}
+	case GIT_CREDENTIAL_USERPASS_PLAINTEXT:
+	{
+		git_credential_userpass_plaintext *c = (git_credential_userpass_plaintext *) cred;
+		return c->username;
+	}
+	case GIT_CREDENTIAL_SSH_KEY:
+	case GIT_CREDENTIAL_SSH_MEMORY:
+	{
+		git_credential_ssh_key *c = (git_credential_ssh_key *) cred;
+		return c->username;
+	}
+	case GIT_CREDENTIAL_SSH_CUSTOM:
+	{
+		git_credential_ssh_custom *c = (git_credential_ssh_custom *) cred;
+		return c->username;
+	}
+	case GIT_CREDENTIAL_SSH_INTERACTIVE:
+	{
+		git_credential_ssh_interactive *c = (git_credential_ssh_interactive *) cred;
+		return c->username;
+	}
+
+	default:
+		return NULL;
+	}
+}
+
+static void plaintext_free(struct git_credential *cred)
+{
+	git_credential_userpass_plaintext *c = (git_credential_userpass_plaintext *)cred;
+
+	git__free(c->username);
+
+	/* Zero the memory which previously held the password */
+	if (c->password) {
+		size_t pass_len = strlen(c->password);
+		git__memzero(c->password, pass_len);
+		git__free(c->password);
+	}
+
+	git__free(c);
+}
+
+int git_credential_userpass_plaintext_new(
+	git_credential **cred,
+	const char *username,
+	const char *password)
+{
+	git_credential_userpass_plaintext *c;
+
+	assert(cred && username && password);
+
+	c = git__malloc(sizeof(git_credential_userpass_plaintext));
+	GIT_ERROR_CHECK_ALLOC(c);
+
+	c->parent.credtype = GIT_CREDENTIAL_USERPASS_PLAINTEXT;
+	c->parent.free = plaintext_free;
+	c->username = git__strdup(username);
+
+	if (!c->username) {
+		git__free(c);
+		return -1;
+	}
+
+	c->password = git__strdup(password);
+
+	if (!c->password) {
+		git__free(c->username);
+		git__free(c);
+		return -1;
+	}
+
+	*cred = &c->parent;
+	return 0;
+}
+
+static void ssh_key_free(struct git_credential *cred)
+{
+	git_credential_ssh_key *c =
+		(git_credential_ssh_key *)cred;
+
+	git__free(c->username);
+
+	if (c->privatekey) {
+		/* Zero the memory which previously held the private key */
+		size_t key_len = strlen(c->privatekey);
+		git__memzero(c->privatekey, key_len);
+		git__free(c->privatekey);
+	}
+
+	if (c->passphrase) {
+		/* Zero the memory which previously held the passphrase */
+		size_t pass_len = strlen(c->passphrase);
+		git__memzero(c->passphrase, pass_len);
+		git__free(c->passphrase);
+	}
+
+	if (c->publickey) {
+		/* Zero the memory which previously held the public key */
+		size_t key_len = strlen(c->publickey);
+		git__memzero(c->publickey, key_len);
+		git__free(c->publickey);
+	}
+
+	git__free(c);
+}
+
+static void ssh_interactive_free(struct git_credential *cred)
+{
+	git_credential_ssh_interactive *c = (git_credential_ssh_interactive *)cred;
+
+	git__free(c->username);
+
+	git__free(c);
+}
+
+static void ssh_custom_free(struct git_credential *cred)
+{
+	git_credential_ssh_custom *c = (git_credential_ssh_custom *)cred;
+
+	git__free(c->username);
+
+	if (c->publickey) {
+		/* Zero the memory which previously held the publickey */
+		size_t key_len = strlen(c->publickey);
+		git__memzero(c->publickey, key_len);
+		git__free(c->publickey);
+	}
+
+	git__free(c);
+}
+
+static void default_free(struct git_credential *cred)
+{
+	git_credential_default *c = (git_credential_default *)cred;
+
+	git__free(c);
+}
+
+static void username_free(struct git_credential *cred)
+{
+	git__free(cred);
+}
+
+int git_credential_ssh_key_new(
+	git_credential **cred,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase)
+{
+	return git_credential_ssh_key_type_new(
+		cred,
+		username,
+		publickey,
+		privatekey,
+		passphrase,
+		GIT_CREDENTIAL_SSH_KEY);
+}
+
+int git_credential_ssh_key_memory_new(
+	git_credential **cred,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase)
+{
+#ifdef GIT_SSH_MEMORY_CREDENTIALS
+	return git_credential_ssh_key_type_new(
+		cred,
+		username,
+		publickey,
+		privatekey,
+		passphrase,
+		GIT_CREDENTIAL_SSH_MEMORY);
+#else
+	GIT_UNUSED(cred);
+	GIT_UNUSED(username);
+	GIT_UNUSED(publickey);
+	GIT_UNUSED(privatekey);
+	GIT_UNUSED(passphrase);
+
+	git_error_set(GIT_ERROR_INVALID,
+		"this version of libgit2 was not built with ssh memory credentials.");
+	return -1;
+#endif
+}
+
+static int git_credential_ssh_key_type_new(
+	git_credential **cred,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase,
+	git_credential_t credtype)
+{
+	git_credential_ssh_key *c;
+
+	assert(username && cred && privatekey);
+
+	c = git__calloc(1, sizeof(git_credential_ssh_key));
+	GIT_ERROR_CHECK_ALLOC(c);
+
+	c->parent.credtype = credtype;
+	c->parent.free = ssh_key_free;
+
+	c->username = git__strdup(username);
+	GIT_ERROR_CHECK_ALLOC(c->username);
+
+	c->privatekey = git__strdup(privatekey);
+	GIT_ERROR_CHECK_ALLOC(c->privatekey);
+
+	if (publickey) {
+		c->publickey = git__strdup(publickey);
+		GIT_ERROR_CHECK_ALLOC(c->publickey);
+	}
+
+	if (passphrase) {
+		c->passphrase = git__strdup(passphrase);
+		GIT_ERROR_CHECK_ALLOC(c->passphrase);
+	}
+
+	*cred = &c->parent;
+	return 0;
+}
+
+int git_credential_ssh_interactive_new(
+	git_credential **out,
+	const char *username,
+	git_credential_ssh_interactive_cb prompt_callback,
+	void *payload)
+{
+	git_credential_ssh_interactive *c;
+
+	assert(out && username && prompt_callback);
+
+	c = git__calloc(1, sizeof(git_credential_ssh_interactive));
+	GIT_ERROR_CHECK_ALLOC(c);
+
+	c->parent.credtype = GIT_CREDENTIAL_SSH_INTERACTIVE;
+	c->parent.free = ssh_interactive_free;
+
+	c->username = git__strdup(username);
+	GIT_ERROR_CHECK_ALLOC(c->username);
+
+	c->prompt_callback = prompt_callback;
+	c->payload = payload;
+
+	*out = &c->parent;
+	return 0;
+}
+
+int git_credential_ssh_key_from_agent(git_credential **cred, const char *username) {
+	git_credential_ssh_key *c;
+
+	assert(username && cred);
+
+	c = git__calloc(1, sizeof(git_credential_ssh_key));
+	GIT_ERROR_CHECK_ALLOC(c);
+
+	c->parent.credtype = GIT_CREDENTIAL_SSH_KEY;
+	c->parent.free = ssh_key_free;
+
+	c->username = git__strdup(username);
+	GIT_ERROR_CHECK_ALLOC(c->username);
+
+	c->privatekey = NULL;
+
+	*cred = &c->parent;
+	return 0;
+}
+
+int git_credential_ssh_custom_new(
+	git_credential **cred,
+	const char *username,
+	const char *publickey,
+	size_t publickey_len,
+	git_credential_sign_cb sign_callback,
+	void *payload)
+{
+	git_credential_ssh_custom *c;
+
+	assert(username && cred);
+
+	c = git__calloc(1, sizeof(git_credential_ssh_custom));
+	GIT_ERROR_CHECK_ALLOC(c);
+
+	c->parent.credtype = GIT_CREDENTIAL_SSH_CUSTOM;
+	c->parent.free = ssh_custom_free;
+
+	c->username = git__strdup(username);
+	GIT_ERROR_CHECK_ALLOC(c->username);
+
+	if (publickey_len > 0) {
+		c->publickey = git__malloc(publickey_len);
+		GIT_ERROR_CHECK_ALLOC(c->publickey);
+
+		memcpy(c->publickey, publickey, publickey_len);
+	}
+
+	c->publickey_len = publickey_len;
+	c->sign_callback = sign_callback;
+	c->payload = payload;
+
+	*cred = &c->parent;
+	return 0;
+}
+
+int git_credential_default_new(git_credential **cred)
+{
+	git_credential_default *c;
+
+	assert(cred);
+
+	c = git__calloc(1, sizeof(git_credential_default));
+	GIT_ERROR_CHECK_ALLOC(c);
+
+	c->credtype = GIT_CREDENTIAL_DEFAULT;
+	c->free = default_free;
+
+	*cred = c;
+	return 0;
+}
+
+int git_credential_username_new(git_credential **cred, const char *username)
+{
+	git_credential_username *c;
+	size_t len, allocsize;
+
+	assert(cred);
+
+	len = strlen(username);
+
+	GIT_ERROR_CHECK_ALLOC_ADD(&allocsize, sizeof(git_credential_username), len);
+	GIT_ERROR_CHECK_ALLOC_ADD(&allocsize, allocsize, 1);
+	c = git__malloc(allocsize);
+	GIT_ERROR_CHECK_ALLOC(c);
+
+	c->parent.credtype = GIT_CREDENTIAL_USERNAME;
+	c->parent.free = username_free;
+	memcpy(c->username, username, len + 1);
+
+	*cred = (git_credential *) c;
+	return 0;
+}
+
+void git_credential_free(git_credential *cred)
+{
+	if (!cred)
+		return;
+
+	cred->free(cred);
+}
+
+/* Deprecated credential functions */
+
+int git_cred_has_username(git_credential *cred)
+{
+	return git_credential_has_username(cred);
+}
+
+const char *git_cred_get_username(git_credential *cred)
+{
+	return git_credential_get_username(cred);
+}
+
+int git_cred_userpass_plaintext_new(
+	git_credential **out,
+	const char *username,
+	const char *password)
+{
+	return git_credential_userpass_plaintext_new(out,username, password);
+}
+
+int git_cred_default_new(git_credential **out)
+{
+	return git_credential_default_new(out);
+}
+
+int git_cred_username_new(git_credential **out, const char *username)
+{
+	return git_credential_username_new(out, username);
+}
+
+int git_cred_ssh_key_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase)
+{
+	return git_credential_ssh_key_new(out, username,
+		publickey, privatekey, passphrase);
+}
+
+int git_cred_ssh_key_memory_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	const char *privatekey,
+	const char *passphrase)
+{
+	return git_credential_ssh_key_memory_new(out, username,
+		publickey, privatekey, passphrase);
+}
+
+int git_cred_ssh_interactive_new(
+	git_credential **out,
+	const char *username,
+	git_credential_ssh_interactive_cb prompt_callback,
+	void *payload)
+{
+	return git_credential_ssh_interactive_new(out, username,
+		prompt_callback, payload);
+}
+
+int git_cred_ssh_key_from_agent(
+	git_credential **out,
+	const char *username)
+{
+	return git_credential_ssh_key_from_agent(out, username);
+}
+
+int git_cred_ssh_custom_new(
+	git_credential **out,
+	const char *username,
+	const char *publickey,
+	size_t publickey_len,
+	git_credential_sign_cb sign_callback,
+	void *payload)
+{
+	return git_credential_ssh_custom_new(out, username,
+		publickey, publickey_len, sign_callback, payload);
+}
+
+void git_cred_free(git_credential *cred)
+{
+	git_credential_free(cred);
+}
diff --git a/src/transports/credential_helpers.c b/src/transports/credential_helpers.c
new file mode 100644
index 0000000..6b975e1
--- /dev/null
+++ b/src/transports/credential_helpers.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) the libgit2 contributors. All rights reserved.
+ *
+ * This file is part of libgit2, distributed under the GNU GPL v2 with
+ * a Linking Exception. For full terms see the included COPYING file.
+ */
+
+#include "common.h"
+
+#include "git2/credential_helpers.h"
+
+int git_credential_userpass(
+		git_credential **cred,
+		const char *url,
+		const char *user_from_url,
+		unsigned int allowed_types,
+		void *payload)
+{
+	git_credential_userpass_payload *userpass = (git_credential_userpass_payload*)payload;
+	const char *effective_username = NULL;
+
+	GIT_UNUSED(url);
+
+	if (!userpass || !userpass->password) return -1;
+
+	/* Username resolution: a username can be passed with the URL, the
+	 * credentials payload, or both. Here's what we do.  Note that if we get
+	 * this far, we know that any password the url may contain has already
+	 * failed at least once, so we ignore it.
+	 *
+	 * |  Payload    |   URL    |   Used    |
+	 * +-------------+----------+-----------+
+	 * |    yes      |   no     |  payload  |
+	 * |    yes      |   yes    |  payload  |
+	 * |    no       |   yes    |  url      |
+	 * |    no       |   no     |  FAIL     |
+	 */
+	if (userpass->username)
+		effective_username = userpass->username;
+	else if (user_from_url)
+		effective_username = user_from_url;
+	else
+		return -1;
+
+	if (GIT_CREDENTIAL_USERNAME & allowed_types)
+		return git_credential_username_new(cred, effective_username);
+
+	if ((GIT_CREDENTIAL_USERPASS_PLAINTEXT & allowed_types) == 0 ||
+			git_credential_userpass_plaintext_new(cred, effective_username, userpass->password) < 0)
+		return -1;
+
+	return 0;
+}
+
+/* Deprecated credential functions */
+
+int git_cred_userpass(
+	git_credential **out,
+	const char *url,
+	const char *user_from_url,
+	unsigned int allowed_types,
+	void *payload)
+{
+	return git_credential_userpass(out, url, user_from_url,
+		allowed_types, payload);
+}
diff --git a/src/transports/http.c b/src/transports/http.c
index 36f038e..294bab5 100644
--- a/src/transports/http.c
+++ b/src/transports/http.c
@@ -16,7 +16,7 @@
 #include "netops.h"
 #include "global.h"
 #include "remote.h"
-#include "git2/sys/cred.h"
+#include "git2/sys/credential.h"
 #include "smart.h"
 #include "auth.h"
 #include "http.h"
@@ -54,7 +54,7 @@ typedef struct {
 typedef struct {
 	git_net_url url;
 
-	git_cred *cred;
+	git_credential *cred;
 	unsigned auth_schemetypes;
 	unsigned url_cred_presented : 1;
 } http_server;
@@ -100,24 +100,24 @@ static const http_service receive_pack_service = {
 #define OWNING_SUBTRANSPORT(s) ((http_subtransport *)(s)->parent.subtransport)
 
 static int apply_url_credentials(
-	git_cred **cred,
+	git_credential **cred,
 	unsigned int allowed_types,
 	const char *username,
 	const char *password)
 {
-	if (allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT)
-		return git_cred_userpass_plaintext_new(cred, username, password);
+	if (allowed_types & GIT_CREDENTIAL_USERPASS_PLAINTEXT)
+		return git_credential_userpass_plaintext_new(cred, username, password);
 
-	if ((allowed_types & GIT_CREDTYPE_DEFAULT) && *username == '\0' && *password == '\0')
-		return git_cred_default_new(cred);
+	if ((allowed_types & GIT_CREDENTIAL_DEFAULT) && *username == '\0' && *password == '\0')
+		return git_credential_default_new(cred);
 
 	return GIT_PASSTHROUGH;
 }
 
-GIT_INLINE(void) free_cred(git_cred **cred)
+GIT_INLINE(void) free_cred(git_credential **cred)
 {
 	if (*cred) {
-		git_cred_free(*cred);
+		git_credential_free(*cred);
 		(*cred) = NULL;
 	}
 }
@@ -128,7 +128,7 @@ static int handle_auth(
 	const char *url,
 	unsigned int allowed_schemetypes,
 	unsigned int allowed_credtypes,
-	git_cred_acquire_cb callback,
+	git_credential_acquire_cb callback,
 	void *callback_payload)
 {
 	int error = 1;
@@ -137,7 +137,7 @@ static int handle_auth(
 		free_cred(&server->cred);
 
 	/* Start with URL-specified credentials, if there were any. */
-	if ((allowed_credtypes & GIT_CREDTYPE_USERPASS_PLAINTEXT) &&
+	if ((allowed_credtypes & GIT_CREDENTIAL_USERPASS_PLAINTEXT) &&
 	    !server->url_cred_presented &&
 	    server->url.username &&
 	    server->url.password) {
diff --git a/src/transports/httpclient.c b/src/transports/httpclient.c
index 7f44a26..f5c2ce5 100644
--- a/src/transports/httpclient.c
+++ b/src/transports/httpclient.c
@@ -16,7 +16,7 @@
 #include "auth.h"
 #include "auth_negotiate.h"
 #include "auth_ntlm.h"
-#include "git2/sys/cred.h"
+#include "git2/sys/credential.h"
 #include "net.h"
 #include "stream.h"
 #include "streams/socket.h"
@@ -24,9 +24,9 @@
 #include "auth.h"
 
 static git_http_auth_scheme auth_schemes[] = {
-	{ GIT_HTTP_AUTH_NEGOTIATE, "Negotiate", GIT_CREDTYPE_DEFAULT, git_http_auth_negotiate },
-	{ GIT_HTTP_AUTH_NTLM, "NTLM", GIT_CREDTYPE_USERPASS_PLAINTEXT, git_http_auth_ntlm },
-	{ GIT_HTTP_AUTH_BASIC, "Basic", GIT_CREDTYPE_USERPASS_PLAINTEXT, git_http_auth_basic },
+	{ GIT_HTTP_AUTH_NEGOTIATE, "Negotiate", GIT_CREDENTIAL_DEFAULT, git_http_auth_negotiate },
+	{ GIT_HTTP_AUTH_NTLM, "NTLM", GIT_CREDENTIAL_USERPASS_PLAINTEXT, git_http_auth_ntlm },
+	{ GIT_HTTP_AUTH_BASIC, "Basic", GIT_CREDENTIAL_USERPASS_PLAINTEXT, git_http_auth_basic },
 };
 
 #define GIT_READ_BUFFER_SIZE 8192
@@ -456,7 +456,7 @@ static bool best_scheme_and_challenge(
 	git_http_auth_scheme **scheme_out,
 	const char **challenge_out,
 	git_vector *challenges,
-	git_cred *credentials)
+	git_credential *credentials)
 {
 	const char *challenge;
 	size_t i, j;
@@ -504,7 +504,7 @@ static const char *challenge_for_context(
 static const char *init_auth_context(
 	git_http_server *server,
 	git_vector *challenges,
-	git_cred *credentials)
+	git_credential *credentials)
 {
 	git_http_auth_scheme *scheme;
 	const char *challenge;
@@ -540,7 +540,7 @@ static int apply_credentials(
 	git_buf *buf,
 	git_http_server *server,
 	const char *header_name,
-	git_cred *credentials)
+	git_credential *credentials)
 {
 	git_http_auth_context *auth = server->auth_context;
 	git_vector *challenges = &server->auth_challenges;
diff --git a/src/transports/httpclient.h b/src/transports/httpclient.h
index da764fd..2a83bee 100644
--- a/src/transports/httpclient.h
+++ b/src/transports/httpclient.h
@@ -32,21 +32,21 @@ typedef enum {
 
 /** An HTTP request */
 typedef struct {
-	git_http_method method;       /**< Method for the request */
-	git_net_url *url;             /**< Full request URL */
-	git_net_url *proxy;           /**< Proxy to use */
+	git_http_method method;            /**< Method for the request */
+	git_net_url *url;                  /**< Full request URL */
+	git_net_url *proxy;                /**< Proxy to use */
 
 	/* Headers */
-	const char *accept;           /**< Contents of the Accept header */
-	const char *content_type;     /**< Content-Type header (for POST) */
-	git_cred *credentials;        /**< Credentials to authenticate with */
-	git_cred *proxy_credentials;  /**< Credentials for proxy */
-	git_strarray *custom_headers; /**< Additional headers to deliver */
+	const char *accept;                /**< Contents of the Accept header */
+	const char *content_type;          /**< Content-Type header (for POST) */
+	git_credential *credentials;       /**< Credentials to authenticate with */
+	git_credential *proxy_credentials; /**< Credentials for proxy */
+	git_strarray *custom_headers;      /**< Additional headers to deliver */
 
 	/* To POST a payload, either set content_length OR set chunked. */
-	size_t content_length;        /**< Length of the POST body */
-	unsigned chunked : 1,         /**< Post with chunking */
-	         expect_continue : 1; /**< Use expect/continue negotiation */
+	size_t content_length;             /**< Length of the POST body */
+	unsigned chunked : 1,              /**< Post with chunking */
+	         expect_continue : 1;      /**< Use expect/continue negotiation */
 } git_http_request;
 
 typedef struct {
diff --git a/src/transports/local.c b/src/transports/local.c
index cfc6c2a..24af7f0 100644
--- a/src/transports/local.c
+++ b/src/transports/local.c
@@ -201,7 +201,7 @@ on_error:
 static int local_connect(
 	git_transport *transport,
 	const char *url,
-	git_cred_acquire_cb cred_acquire_cb,
+	git_credential_acquire_cb cred_acquire_cb,
 	void *cred_acquire_payload,
 	const git_proxy_options *proxy,
 	int direction, int flags)
diff --git a/src/transports/smart.c b/src/transports/smart.c
index 8e8af00..bb4d2a2 100644
--- a/src/transports/smart.c
+++ b/src/transports/smart.c
@@ -206,7 +206,7 @@ static void free_symrefs(git_vector *symrefs)
 static int git_smart__connect(
 	git_transport *transport,
 	const char *url,
-	git_cred_acquire_cb cred_acquire_cb,
+	git_credential_acquire_cb cred_acquire_cb,
 	void *cred_acquire_payload,
 	const git_proxy_options *proxy,
 	int direction,
@@ -489,7 +489,7 @@ int git_transport_smart_certificate_check(git_transport *transport, git_cert *ce
 	return t->certificate_check_cb(cert, valid, hostname, t->message_cb_payload);
 }
 
-int git_transport_smart_credentials(git_cred **out, git_transport *transport, const char *user, int methods)
+int git_transport_smart_credentials(git_credential **out, git_transport *transport, const char *user, int methods)
 {
 	transport_smart *t = GIT_CONTAINER_OF(transport, transport_smart, parent);
 
diff --git a/src/transports/smart.h b/src/transports/smart.h
index 53e9773..18e0b7e 100644
--- a/src/transports/smart.h
+++ b/src/transports/smart.h
@@ -137,7 +137,7 @@ typedef struct {
 	git_transport parent;
 	git_remote *owner;
 	char *url;
-	git_cred_acquire_cb cred_acquire_cb;
+	git_credential_acquire_cb cred_acquire_cb;
 	void *cred_acquire_payload;
 	git_proxy_options proxy;
 	int direction;
diff --git a/src/transports/ssh.c b/src/transports/ssh.c
index 18d90a9..68b3cbe 100644
--- a/src/transports/ssh.c
+++ b/src/transports/ssh.c
@@ -19,8 +19,8 @@
 #include "smart.h"
 #include "streams/socket.h"
 
-#include "git2/cred.h"
-#include "git2/sys/cred.h"
+#include "git2/credential.h"
+#include "git2/sys/credential.h"
 
 #ifdef GIT_SSH
 
@@ -45,7 +45,7 @@ typedef struct {
 	git_smart_subtransport parent;
 	transport_smart *owner;
 	ssh_stream *current_stream;
-	git_cred *cred;
+	git_credential *cred;
 	char *cmd_uploadpack;
 	char *cmd_receivepack;
 } ssh_subtransport;
@@ -291,7 +291,7 @@ static int git_ssh_extract_url_parts(
 	return 0;
 }
 
-static int ssh_agent_auth(LIBSSH2_SESSION *session, git_cred_ssh_key *c) {
+static int ssh_agent_auth(LIBSSH2_SESSION *session, git_credential_ssh_key *c) {
 	int rc = LIBSSH2_ERROR_NONE;
 
 	struct libssh2_agent_publickey *curr, *prev = NULL;
@@ -346,21 +346,21 @@ shutdown:
 }
 
 static int _git_ssh_authenticate_session(
-	LIBSSH2_SESSION* session,
-	git_cred* cred)
+	LIBSSH2_SESSION *session,
+	git_credential *cred)
 {
 	int rc;
 
 	do {
 		git_error_clear();
 		switch (cred->credtype) {
-		case GIT_CREDTYPE_USERPASS_PLAINTEXT: {
-			git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred;
+		case GIT_CREDENTIAL_USERPASS_PLAINTEXT: {
+			git_credential_userpass_plaintext *c = (git_credential_userpass_plaintext *)cred;
 			rc = libssh2_userauth_password(session, c->username, c->password);
 			break;
 		}
-		case GIT_CREDTYPE_SSH_KEY: {
-			git_cred_ssh_key *c = (git_cred_ssh_key *)cred;
+		case GIT_CREDENTIAL_SSH_KEY: {
+			git_credential_ssh_key *c = (git_credential_ssh_key *)cred;
 
 			if (c->privatekey)
 				rc = libssh2_userauth_publickey_fromfile(
@@ -371,17 +371,17 @@ static int _git_ssh_authenticate_session(
 
 			break;
 		}
-		case GIT_CREDTYPE_SSH_CUSTOM: {
-			git_cred_ssh_custom *c = (git_cred_ssh_custom *)cred;
+		case GIT_CREDENTIAL_SSH_CUSTOM: {
+			git_credential_ssh_custom *c = (git_credential_ssh_custom *)cred;
 
 			rc = libssh2_userauth_publickey(
 				session, c->username, (const unsigned char *)c->publickey,
 				c->publickey_len, c->sign_callback, &c->payload);
 			break;
 		}
-		case GIT_CREDTYPE_SSH_INTERACTIVE: {
+		case GIT_CREDENTIAL_SSH_INTERACTIVE: {
 			void **abstract = libssh2_session_abstract(session);
-			git_cred_ssh_interactive *c = (git_cred_ssh_interactive *)cred;
+			git_credential_ssh_interactive *c = (git_credential_ssh_interactive *)cred;
 
 			/* ideally, we should be able to set this by calling
 			 * libssh2_session_init_ex() instead of libssh2_session_init().
@@ -401,8 +401,8 @@ static int _git_ssh_authenticate_session(
 			break;
 		}
 #ifdef GIT_SSH_MEMORY_CREDENTIALS
-		case GIT_CREDTYPE_SSH_MEMORY: {
-			git_cred_ssh_key *c = (git_cred_ssh_key *)cred;
+		case GIT_CREDENTIAL_SSH_MEMORY: {
+			git_credential_ssh_key *c = (git_credential_ssh_key *)cred;
 
 			assert(c->username);
 			assert(c->privatekey);
@@ -438,10 +438,10 @@ static int _git_ssh_authenticate_session(
 	return 0;
 }
 
-static int request_creds(git_cred **out, ssh_subtransport *t, const char *user, int auth_methods)
+static int request_creds(git_credential **out, ssh_subtransport *t, const char *user, int auth_methods)
 {
 	int error, no_callback = 0;
-	git_cred *cred = NULL;
+	git_credential *cred = NULL;
 
 	if (!t->owner->cred_acquire_cb) {
 		no_callback = 1;
@@ -520,7 +520,7 @@ static int _git_ssh_setup_conn(
 	int auth_methods, error = 0;
 	size_t i;
 	ssh_stream *s;
-	git_cred *cred = NULL;
+	git_credential *cred = NULL;
 	LIBSSH2_SESSION* session=NULL;
 	LIBSSH2_CHANNEL* channel=NULL;
 
@@ -609,16 +609,16 @@ post_extract:
 
 	/* we need the username to ask for auth methods */
 	if (!urldata.username) {
-		if ((error = request_creds(&cred, t, NULL, GIT_CREDTYPE_USERNAME)) < 0)
+		if ((error = request_creds(&cred, t, NULL, GIT_CREDENTIAL_USERNAME)) < 0)
 			goto done;
 
-		urldata.username = git__strdup(((git_cred_username *) cred)->username);
+		urldata.username = git__strdup(((git_credential_username *) cred)->username);
 		cred->free(cred);
 		cred = NULL;
 		if (!urldata.username)
 			goto done;
 	} else if (urldata.username && urldata.password) {
-		if ((error = git_cred_userpass_plaintext_new(&cred, urldata.username, urldata.password)) < 0)
+		if ((error = git_credential_userpass_plaintext_new(&cred, urldata.username, urldata.password)) < 0)
 			goto done;
 	}
 
@@ -639,7 +639,7 @@ post_extract:
 		if ((error = request_creds(&cred, t, urldata.username, auth_methods)) < 0)
 			goto done;
 
-		if (strcmp(urldata.username, git_cred_get_username(cred))) {
+		if (strcmp(urldata.username, git_credential_get_username(cred))) {
 			git_error_set(GIT_ERROR_SSH, "username does not match previous request");
 			error = -1;
 			goto done;
@@ -814,23 +814,23 @@ static int list_auth_methods(int *out, LIBSSH2_SESSION *session, const char *use
 			ptr++;
 
 		if (!git__prefixcmp(ptr, SSH_AUTH_PUBLICKEY)) {
-			*out |= GIT_CREDTYPE_SSH_KEY;
-			*out |= GIT_CREDTYPE_SSH_CUSTOM;
+			*out |= GIT_CREDENTIAL_SSH_KEY;
+			*out |= GIT_CREDENTIAL_SSH_CUSTOM;
 #ifdef GIT_SSH_MEMORY_CREDENTIALS
-			*out |= GIT_CREDTYPE_SSH_MEMORY;
+			*out |= GIT_CREDENTIAL_SSH_MEMORY;
 #endif
 			ptr += strlen(SSH_AUTH_PUBLICKEY);
 			continue;
 		}
 
 		if (!git__prefixcmp(ptr, SSH_AUTH_PASSWORD)) {
-			*out |= GIT_CREDTYPE_USERPASS_PLAINTEXT;
+			*out |= GIT_CREDENTIAL_USERPASS_PLAINTEXT;
 			ptr += strlen(SSH_AUTH_PASSWORD);
 			continue;
 		}
 
 		if (!git__prefixcmp(ptr, SSH_AUTH_KEYBOARD_INTERACTIVE)) {
-			*out |= GIT_CREDTYPE_SSH_INTERACTIVE;
+			*out |= GIT_CREDENTIAL_SSH_INTERACTIVE;
 			ptr += strlen(SSH_AUTH_KEYBOARD_INTERACTIVE);
 			continue;
 		}
diff --git a/src/transports/winhttp.c b/src/transports/winhttp.c
index e9e53ae..ee8cb15 100644
--- a/src/transports/winhttp.c
+++ b/src/transports/winhttp.c
@@ -19,7 +19,7 @@
 #include "repository.h"
 #include "global.h"
 #include "http.h"
-#include "git2/sys/cred.h"
+#include "git2/sys/credential.h"
 
 #include <wincrypt.h>
 #include <winhttp.h>
@@ -113,7 +113,7 @@ typedef struct {
 
 typedef struct {
 	git_net_url url;
-	git_cred *cred;
+	git_credential *cred;
 	int auth_mechanisms;
 	bool url_cred_presented;
 } winhttp_server;
@@ -129,9 +129,9 @@ typedef struct {
 	HINTERNET connection;
 } winhttp_subtransport;
 
-static int apply_userpass_credentials(HINTERNET request, DWORD target, int mechanisms, git_cred *cred)
+static int apply_userpass_credentials(HINTERNET request, DWORD target, int mechanisms, git_credential *cred)
 {
-	git_cred_userpass_plaintext *c = (git_cred_userpass_plaintext *)cred;
+	git_credential_userpass_plaintext *c = (git_credential_userpass_plaintext *)cred;
 	wchar_t *user = NULL, *pass = NULL;
 	int user_len = 0, pass_len = 0, error = 0;
 	DWORD native_scheme;
@@ -206,22 +206,22 @@ static int apply_default_credentials(HINTERNET request, DWORD target, int mechan
 }
 
 static int acquire_url_cred(
-	git_cred **cred,
+	git_credential **cred,
 	unsigned int allowed_types,
 	const char *username,
 	const char *password)
 {
-	if (allowed_types & GIT_CREDTYPE_USERPASS_PLAINTEXT)
-		return git_cred_userpass_plaintext_new(cred, username, password);
+	if (allowed_types & GIT_CREDENTIAL_USERPASS_PLAINTEXT)
+		return git_credential_userpass_plaintext_new(cred, username, password);
 
-	if ((allowed_types & GIT_CREDTYPE_DEFAULT) && *username == '\0' && *password == '\0')
-		return git_cred_default_new(cred);
+	if ((allowed_types & GIT_CREDENTIAL_DEFAULT) && *username == '\0' && *password == '\0')
+		return git_credential_default_new(cred);
 
 	return 1;
 }
 
 static int acquire_fallback_cred(
-	git_cred **cred,
+	git_credential **cred,
 	const char *url,
 	unsigned int allowed_types)
 {
@@ -229,7 +229,7 @@ static int acquire_fallback_cred(
 
 	/* If the target URI supports integrated Windows authentication
 	 * as an authentication mechanism */
-	if (GIT_CREDTYPE_DEFAULT & allowed_types) {
+	if (GIT_CREDENTIAL_DEFAULT & allowed_types) {
 		wchar_t *wide_url;
 		HRESULT hCoInitResult;
 
@@ -253,13 +253,13 @@ static int acquire_fallback_cred(
 					(URLZONE_LOCAL_MACHINE == dwZone ||
 					URLZONE_INTRANET == dwZone ||
 					URLZONE_TRUSTED == dwZone)) {
-					git_cred *existing = *cred;
+					git_credential *existing = *cred;
 
 					if (existing)
 						existing->free(existing);
 
 					/* Then use default Windows credentials to authenticate this request */
-					error = git_cred_default_new(cred);
+					error = git_credential_default_new(cred);
 				}
 
 				pISM->lpVtbl->Release(pISM);
@@ -345,7 +345,7 @@ static int apply_credentials(
 	HINTERNET request,
 	git_net_url *url,
 	int target,
-	git_cred *creds,
+	git_credential *creds,
 	int mechanisms)
 {
 	int error = 0;
@@ -353,9 +353,9 @@ static int apply_credentials(
 	GIT_UNUSED(url);
 
 	/* If we have creds, just apply them */
-	if (creds && creds->credtype == GIT_CREDTYPE_USERPASS_PLAINTEXT)
+	if (creds && creds->credtype == GIT_CREDENTIAL_USERPASS_PLAINTEXT)
 		error = apply_userpass_credentials(request, target, mechanisms, creds);
-	else if (creds && creds->credtype == GIT_CREDTYPE_DEFAULT)
+	else if (creds && creds->credtype == GIT_CREDENTIAL_DEFAULT)
 		error = apply_default_credentials(request, target, mechanisms);
 
 	return error;
@@ -606,23 +606,23 @@ static int parse_unauthorized_response(
 	}
 
 	if (WINHTTP_AUTH_SCHEME_NTLM & supported) {
-		*allowed_types |= GIT_CREDTYPE_USERPASS_PLAINTEXT;
-		*allowed_types |= GIT_CREDTYPE_DEFAULT;
+		*allowed_types |= GIT_CREDENTIAL_USERPASS_PLAINTEXT;
+		*allowed_types |= GIT_CREDENTIAL_DEFAULT;
 		*allowed_mechanisms |= GIT_WINHTTP_AUTH_NTLM;
 	}
 
 	if (WINHTTP_AUTH_SCHEME_NEGOTIATE & supported) {
-		*allowed_types |= GIT_CREDTYPE_DEFAULT;
+		*allowed_types |= GIT_CREDENTIAL_DEFAULT;
 		*allowed_mechanisms |= GIT_WINHTTP_AUTH_NEGOTIATE;
 	}
 
 	if (WINHTTP_AUTH_SCHEME_BASIC & supported) {
-		*allowed_types |= GIT_CREDTYPE_USERPASS_PLAINTEXT;
+		*allowed_types |= GIT_CREDENTIAL_USERPASS_PLAINTEXT;
 		*allowed_mechanisms |= GIT_WINHTTP_AUTH_BASIC;
 	}
 
 	if (WINHTTP_AUTH_SCHEME_DIGEST & supported) {
-		*allowed_types |= GIT_CREDTYPE_USERPASS_PLAINTEXT;
+		*allowed_types |= GIT_CREDENTIAL_USERPASS_PLAINTEXT;
 		*allowed_mechanisms |= GIT_WINHTTP_AUTH_DIGEST;
 	}
 
@@ -907,7 +907,7 @@ static int acquire_credentials(
 	HINTERNET request,
 	winhttp_server *server,
 	const char *url_str,
-	git_cred_acquire_cb cred_cb,
+	git_credential_acquire_cb cred_cb,
 	void *cred_cb_payload)
 {
 	int allowed_types;
@@ -917,7 +917,7 @@ static int acquire_credentials(
 		return -1;
 
 	if (allowed_types) {
-		git_cred_free(server->cred);
+		git_credential_free(server->cred);
 		server->cred = NULL;
 
 		/* Start with URL-specified credentials, if there were any. */
@@ -933,7 +933,7 @@ static int acquire_credentials(
 		if (error > 0 && cred_cb) {
 			error = cred_cb(&server->cred, url_str, server->url.username, allowed_types, cred_cb_payload);
 
-			/* Treat GIT_PASSTHROUGH as though git_cred_acquire_cb isn't set */
+			/* Treat GIT_PASSTHROUGH as though git_credential_acquire_cb isn't set */
 			if (error == GIT_PASSTHROUGH)
 				error = 1;
 			else if (error < 0)
diff --git a/tests/network/cred.c b/tests/network/cred.c
index d35e2b2..5e4db75 100644
--- a/tests/network/cred.c
+++ b/tests/network/cred.c
@@ -4,43 +4,43 @@
 
 void test_network_cred__stock_userpass_validates_args(void)
 {
-	git_cred_userpass_payload payload = {0};
+	git_credential_userpass_payload payload = {0};
 
-	cl_git_fail(git_cred_userpass(NULL, NULL, NULL, 0, NULL));
+	cl_git_fail(git_credential_userpass(NULL, NULL, NULL, 0, NULL));
 
 	payload.username = "user";
-	cl_git_fail(git_cred_userpass(NULL, NULL, NULL, 0, &payload));
+	cl_git_fail(git_credential_userpass(NULL, NULL, NULL, 0, &payload));
 
 	payload.username = NULL;
 	payload.username = "pass";
-	cl_git_fail(git_cred_userpass(NULL, NULL, NULL, 0, &payload));
+	cl_git_fail(git_credential_userpass(NULL, NULL, NULL, 0, &payload));
 }
 
 void test_network_cred__stock_userpass_validates_that_method_is_allowed(void)
 {
-	git_cred *cred;
-	git_cred_userpass_payload payload = {"user", "pass"};
+	git_credential *cred;
+	git_credential_userpass_payload payload = {"user", "pass"};
 
-	cl_git_fail(git_cred_userpass(&cred, NULL, NULL, 0, &payload));
-	cl_git_pass(git_cred_userpass(&cred, NULL, NULL, GIT_CREDTYPE_USERPASS_PLAINTEXT, &payload));
-	git_cred_free(cred);
+	cl_git_fail(git_credential_userpass(&cred, NULL, NULL, 0, &payload));
+	cl_git_pass(git_credential_userpass(&cred, NULL, NULL, GIT_CREDENTIAL_USERPASS_PLAINTEXT, &payload));
+	git_credential_free(cred);
 }
 
 void test_network_cred__stock_userpass_properly_handles_username_in_url(void)
 {
-	git_cred *cred;
-	git_cred_userpass_payload payload = {"alice", "password"};
+	git_credential *cred;
+	git_credential_userpass_payload payload = {"alice", "password"};
 
-	cl_git_pass(git_cred_userpass(&cred, NULL, NULL, GIT_CREDTYPE_USERPASS_PLAINTEXT, &payload));
-	cl_assert_equal_s("alice", git_cred_get_username(cred));
-	git_cred_free(cred);
+	cl_git_pass(git_credential_userpass(&cred, NULL, NULL, GIT_CREDENTIAL_USERPASS_PLAINTEXT, &payload));
+	cl_assert_equal_s("alice", git_credential_get_username(cred));
+	git_credential_free(cred);
 
-	cl_git_pass(git_cred_userpass(&cred, NULL, "bob", GIT_CREDTYPE_USERPASS_PLAINTEXT, &payload));
-	cl_assert_equal_s("alice", git_cred_get_username(cred));
-	git_cred_free(cred);
+	cl_git_pass(git_credential_userpass(&cred, NULL, "bob", GIT_CREDENTIAL_USERPASS_PLAINTEXT, &payload));
+	cl_assert_equal_s("alice", git_credential_get_username(cred));
+	git_credential_free(cred);
 
 	payload.username = NULL;
-	cl_git_pass(git_cred_userpass(&cred, NULL, "bob", GIT_CREDTYPE_USERPASS_PLAINTEXT, &payload));
-	cl_assert_equal_s("bob", git_cred_get_username(cred));
-	git_cred_free(cred);
+	cl_git_pass(git_credential_userpass(&cred, NULL, "bob", GIT_CREDENTIAL_USERPASS_PLAINTEXT, &payload));
+	cl_assert_equal_s("bob", git_credential_get_username(cred));
+	git_credential_free(cred);
 }
diff --git a/tests/online/clone.c b/tests/online/clone.c
index aed0ab9..f780f13 100644
--- a/tests/online/clone.c
+++ b/tests/online/clone.c
@@ -291,7 +291,7 @@ void test_online_clone__custom_headers(void)
 }
 
 static int cred_failure_cb(
-	git_cred **cred,
+	git_credential **cred,
 	const char *url,
 	const char *username_from_url,
 	unsigned int allowed_types,
@@ -315,22 +315,22 @@ void test_online_clone__cred_callback_failure_return_code_is_tunnelled(void)
 	cl_git_fail_with(-172, git_clone(&g_repo, _remote_url, "./foo", &g_options));
 }
 
-static int cred_count_calls_cb(git_cred **cred, const char *url, const char *user,
+static int cred_count_calls_cb(git_credential **cred, const char *url, const char *user,
 			       unsigned int allowed_types, void *data)
 {
 	size_t *counter = (size_t *) data;
 
 	GIT_UNUSED(url); GIT_UNUSED(user); GIT_UNUSED(allowed_types);
 
-	if (allowed_types == GIT_CREDTYPE_USERNAME)
-		return git_cred_username_new(cred, "foo");
+	if (allowed_types == GIT_CREDENTIAL_USERNAME)
+		return git_credential_username_new(cred, "foo");
 
 	(*counter)++;
 
 	if (*counter == 3)
 		return GIT_EUSER;
 
-	return git_cred_userpass_plaintext_new(cred, "foo", "bar");
+	return git_credential_userpass_plaintext_new(cred, "foo", "bar");
 }
 
 void test_online_clone__cred_callback_called_again_on_auth_failure(void)
@@ -351,7 +351,7 @@ void test_online_clone__cred_callback_called_again_on_auth_failure(void)
 }
 
 int cred_default(
-	git_cred **cred,
+	git_credential **cred,
 	const char *url,
 	const char *user_from_url,
 	unsigned int allowed_types,
@@ -361,10 +361,10 @@ int cred_default(
 	GIT_UNUSED(user_from_url);
 	GIT_UNUSED(payload);
 
-	if (!(allowed_types & GIT_CREDTYPE_DEFAULT))
+	if (!(allowed_types & GIT_CREDENTIAL_DEFAULT))
 		return 0;
 
-	return git_cred_default_new(cred);
+	return git_credential_default_new(cred);
 }
 
 void test_online_clone__credentials(void)
@@ -372,7 +372,7 @@ void test_online_clone__credentials(void)
 	/* Remote URL environment variable must be set.
 	 * User and password are optional.
 	 */
-	git_cred_userpass_payload user_pass = {
+	git_credential_userpass_payload user_pass = {
 		_remote_user,
 		_remote_pass
 	};
@@ -383,7 +383,7 @@ void test_online_clone__credentials(void)
 	if (cl_is_env_set("GITTEST_REMOTE_DEFAULT")) {
 		g_options.fetch_opts.callbacks.credentials = cred_default;
 	} else {
-		g_options.fetch_opts.callbacks.credentials = git_cred_userpass;
+		g_options.fetch_opts.callbacks.credentials = git_credential_userpass;
 		g_options.fetch_opts.callbacks.payload = &user_pass;
 	}
 
@@ -394,11 +394,11 @@ void test_online_clone__credentials(void)
 
 void test_online_clone__bitbucket_style(void)
 {
-	git_cred_userpass_payload user_pass = {
+	git_credential_userpass_payload user_pass = {
 		"libgit3", "libgit3"
 	};
 
-	g_options.fetch_opts.callbacks.credentials = git_cred_userpass;
+	g_options.fetch_opts.callbacks.credentials = git_credential_userpass;
 	g_options.fetch_opts.callbacks.payload = &user_pass;
 
 	cl_git_pass(git_clone(&g_repo, BB_REPO_URL, "./foo", &g_options));
@@ -408,16 +408,16 @@ void test_online_clone__bitbucket_style(void)
 
 void test_online_clone__bitbucket_uses_creds_in_url(void)
 {
-	git_cred_userpass_payload user_pass = {
+	git_credential_userpass_payload user_pass = {
 		"libgit2", "wrong"
 	};
 
-	g_options.fetch_opts.callbacks.credentials = git_cred_userpass;
+	g_options.fetch_opts.callbacks.credentials = git_credential_userpass;
 	g_options.fetch_opts.callbacks.payload = &user_pass;
 
 	/*
 	 * Correct user and pass are in the URL; the (incorrect) creds in
-	 * the `git_cred_userpass_payload` should be ignored.
+	 * the `git_credential_userpass_payload` should be ignored.
 	 */
 	cl_git_pass(git_clone(&g_repo, BB_REPO_URL_WITH_PASS, "./foo", &g_options));
 	git_repository_free(g_repo); g_repo = NULL;
@@ -426,11 +426,11 @@ void test_online_clone__bitbucket_uses_creds_in_url(void)
 
 void test_online_clone__bitbucket_falls_back_to_specified_creds(void)
 {
-	git_cred_userpass_payload user_pass = {
+	git_credential_userpass_payload user_pass = {
 		"libgit2", "libgit2"
 	};
 
-	g_options.fetch_opts.callbacks.credentials = git_cred_userpass;
+	g_options.fetch_opts.callbacks.credentials = git_credential_userpass;
 	g_options.fetch_opts.callbacks.payload = &user_pass;
 
 	/*
@@ -441,7 +441,7 @@ void test_online_clone__bitbucket_falls_back_to_specified_creds(void)
 
 	/*
 	 * Incorrect user and pass are in the URL; the (correct) creds in
-	 * the `git_cred_userpass_payload` should be used as a fallback.
+	 * the `git_credential_userpass_payload` should be used as a fallback.
 	 */
 	cl_git_pass(git_clone(&g_repo, BB_REPO_URL_WITH_WRONG_PASS, "./foo", &g_options));
 	git_repository_free(g_repo); g_repo = NULL;
@@ -465,16 +465,16 @@ void test_online_clone__can_cancel(void)
 		git_clone(&g_repo, LIVE_REPO_URL, "./foo", &g_options));
 }
 
-static int cred_cb(git_cred **cred, const char *url, const char *user_from_url,
+static int cred_cb(git_credential **cred, const char *url, const char *user_from_url,
 		   unsigned int allowed_types, void *payload)
 {
 	GIT_UNUSED(url); GIT_UNUSED(user_from_url); GIT_UNUSED(payload);
 
-	if (allowed_types & GIT_CREDTYPE_USERNAME)
-		return git_cred_username_new(cred, _remote_user);
+	if (allowed_types & GIT_CREDENTIAL_USERNAME)
+		return git_credential_username_new(cred, _remote_user);
 
-	if (allowed_types & GIT_CREDTYPE_SSH_KEY)
-		return git_cred_ssh_key_new(cred,
+	if (allowed_types & GIT_CREDENTIAL_SSH_KEY)
+		return git_credential_ssh_key_new(cred,
 			_remote_user, _remote_ssh_pubkey,
 			_remote_ssh_privkey, _remote_ssh_passphrase);
 
@@ -482,16 +482,16 @@ static int cred_cb(git_cred **cred, const char *url, const char *user_from_url,
 	return -1;
 }
 
-static int check_ssh_auth_methods(git_cred **cred, const char *url, const char *username_from_url,
+static int check_ssh_auth_methods(git_credential **cred, const char *url, const char *username_from_url,
 				  unsigned int allowed_types, void *data)
 {
 	int *with_user = (int *) data;
 	GIT_UNUSED(cred); GIT_UNUSED(url); GIT_UNUSED(username_from_url); GIT_UNUSED(data);
 
 	if (!*with_user)
-		cl_assert_equal_i(GIT_CREDTYPE_USERNAME, allowed_types);
+		cl_assert_equal_i(GIT_CREDENTIAL_USERNAME, allowed_types);
 	else
-		cl_assert(!(allowed_types & GIT_CREDTYPE_USERNAME));
+		cl_assert(!(allowed_types & GIT_CREDENTIAL_USERNAME));
 
 	return GIT_EUSER;
 }
@@ -566,13 +566,13 @@ void test_online_clone__ssh_with_paths(void)
 	cl_git_pass(git_clone(&g_repo, _remote_url, "./foo", &g_options));
 }
 
-static int cred_foo_bar(git_cred **cred, const char *url, const char *username_from_url,
+static int cred_foo_bar(git_credential **cred, const char *url, const char *username_from_url,
 				  unsigned int allowed_types, void *data)
 
 {
 	GIT_UNUSED(url); GIT_UNUSED(username_from_url); GIT_UNUSED(allowed_types); GIT_UNUSED(data);
 
-	return git_cred_userpass_plaintext_new(cred, "foo", "bar");
+	return git_credential_userpass_plaintext_new(cred, "foo", "bar");
 }
 
 void test_online_clone__ssh_cannot_change_username(void)
@@ -649,20 +649,20 @@ static char *read_key_file(const char *path)
 	return buf;
 }
 
-static int ssh_memory_cred_cb(git_cred **cred, const char *url, const char *user_from_url,
+static int ssh_memory_cred_cb(git_credential **cred, const char *url, const char *user_from_url,
 		   unsigned int allowed_types, void *payload)
 {
 	GIT_UNUSED(url); GIT_UNUSED(user_from_url); GIT_UNUSED(payload);
 
-	if (allowed_types & GIT_CREDTYPE_USERNAME)
-		return git_cred_username_new(cred, _remote_user);
+	if (allowed_types & GIT_CREDENTIAL_USERNAME)
+		return git_credential_username_new(cred, _remote_user);
 
-	if (allowed_types & GIT_CREDTYPE_SSH_KEY)
+	if (allowed_types & GIT_CREDENTIAL_SSH_KEY)
 	{
 		char *pubkey = read_key_file(_remote_ssh_pubkey);
 		char *privkey = read_key_file(_remote_ssh_privkey);
 
-		int ret = git_cred_ssh_key_memory_new(cred, _remote_user, pubkey, privkey, _remote_ssh_passphrase);
+		int ret = git_credential_ssh_key_memory_new(cred, _remote_user, pubkey, privkey, _remote_ssh_passphrase);
 
 		if (privkey)
 			free(privkey);
@@ -737,7 +737,7 @@ void test_online_clone__start_with_http(void)
 }
 
 static int called_proxy_creds;
-static int proxy_cred_cb(git_cred **out, const char *url, const char *username, unsigned int allowed, void *payload)
+static int proxy_cred_cb(git_credential **out, const char *url, const char *username, unsigned int allowed, void *payload)
 {
 	GIT_UNUSED(url);
 	GIT_UNUSED(username);
@@ -745,7 +745,7 @@ static int proxy_cred_cb(git_cred **out, const char *url, const char *username, 
 	GIT_UNUSED(payload);
 
 	called_proxy_creds = 1;
-	return git_cred_userpass_plaintext_new(out, _remote_proxy_user, _remote_proxy_pass);
+	return git_credential_userpass_plaintext_new(out, _remote_proxy_user, _remote_proxy_pass);
 }
 
 static int proxy_cert_cb(git_cert *cert, int valid, const char *host, void *payload)
diff --git a/tests/online/push.c b/tests/online/push.c
index 8c3150c..c82b606 100644
--- a/tests/online/push.c
+++ b/tests/online/push.c
@@ -21,7 +21,7 @@ static char *_remote_ssh_passphrase = NULL;
 static char *_remote_default = NULL;
 static char *_remote_expectcontinue = NULL;
 
-static int cred_acquire_cb(git_cred **,	const char *, const char *, unsigned int, void *);
+static int cred_acquire_cb(git_credential **,	const char *, const char *, unsigned int, void *);
 
 static git_remote *_remote;
 static record_callbacks_data _record_cbs_data = {{ 0 }};
@@ -41,7 +41,7 @@ static git_oid _tag_lightweight;
 static git_oid _tag_tag;
 
 static int cred_acquire_cb(
-	git_cred **cred,
+	git_credential **cred,
 	const char *url,
 	const char *user_from_url,
 	unsigned int allowed_types,
@@ -51,40 +51,40 @@ static int cred_acquire_cb(
 	GIT_UNUSED(user_from_url);
 	GIT_UNUSED(payload);
 
-	if (GIT_CREDTYPE_USERNAME & allowed_types) {
+	if (GIT_CREDENTIAL_USERNAME & allowed_types) {
 		if (!_remote_user) {
 			printf("GITTEST_REMOTE_USER must be set\n");
 			return -1;
 		}
 
-		return git_cred_username_new(cred, _remote_user);
+		return git_credential_username_new(cred, _remote_user);
 	}
 
-	if (GIT_CREDTYPE_DEFAULT & allowed_types) {
+	if (GIT_CREDENTIAL_DEFAULT & allowed_types) {
 		if (!_remote_default) {
 			printf("GITTEST_REMOTE_DEFAULT must be set to use NTLM/Negotiate credentials\n");
 			return -1;
 		}
 
-		return git_cred_default_new(cred);
+		return git_credential_default_new(cred);
 	}
 
-	if (GIT_CREDTYPE_SSH_KEY & allowed_types) {
+	if (GIT_CREDENTIAL_SSH_KEY & allowed_types) {
 		if (!_remote_user || !_remote_ssh_pubkey || !_remote_ssh_key || !_remote_ssh_passphrase) {
 			printf("GITTEST_REMOTE_USER, GITTEST_REMOTE_SSH_PUBKEY, GITTEST_REMOTE_SSH_KEY and GITTEST_REMOTE_SSH_PASSPHRASE must be set\n");
 			return -1;
 		}
 
-		return git_cred_ssh_key_new(cred, _remote_user, _remote_ssh_pubkey, _remote_ssh_key, _remote_ssh_passphrase);
+		return git_credential_ssh_key_new(cred, _remote_user, _remote_ssh_pubkey, _remote_ssh_key, _remote_ssh_passphrase);
 	}
 
-	if (GIT_CREDTYPE_USERPASS_PLAINTEXT & allowed_types) {
+	if (GIT_CREDENTIAL_USERPASS_PLAINTEXT & allowed_types) {
 		if (!_remote_user || !_remote_pass) {
 			printf("GITTEST_REMOTE_USER and GITTEST_REMOTE_PASS must be set\n");
 			return -1;
 		}
 
-		return git_cred_userpass_plaintext_new(cred, _remote_user, _remote_pass);
+		return git_credential_userpass_plaintext_new(cred, _remote_user, _remote_pass);
 	}
 
 	return -1;