diff --git a/cmd/zoekt-mirror-gerrit/main.go b/cmd/zoekt-mirror-gerrit/main.go
index 4daa7723f..b94528779 100644
--- a/cmd/zoekt-mirror-gerrit/main.go
+++ b/cmd/zoekt-mirror-gerrit/main.go
@@ -120,14 +120,12 @@ func main() {
 		log.Fatalf("GetServerInfo: %v", err)
 	}
 
-	gitCredentialConfig := map[string]string{}
 	var projectURL string
 	for _, s := range []string{"http", "anonymous http"} {
 		if schemeInfo, ok := info.Download.Schemes[s]; ok {
 			projectURL = schemeInfo.URL
 			if s == "http" && schemeInfo.IsAuthRequired {
-				gitCredentialConfig = configureGitCredential(rootURL, projectURL, *dest)
-
+				projectURL = addPassword(projectURL, rootURL.User)
 				// remove "/a/" prefix needed for API call with basic auth but not with git command → cleaner repo name
 				projectURL = strings.Replace(projectURL, "/a/${project}", "/${project}", 1)
 			}
@@ -177,10 +175,6 @@ func main() {
 			"zoekt.public":         marshalBool(v.State != "HIDDEN"),
 		}
 
-		for key, value := range gitCredentialConfig {
-			config[key] = value
-		}
-
 		for _, wl := range v.WebLinks {
 			// default gerrit gitiles config is named browse, and does not include
 			// root domain name in it. Cheating.
@@ -236,38 +230,14 @@ func marshalBool(b bool) string {
 	return "0"
 }
 
-func configureGitCredential(rootURL *url.URL, projectURL string, dest string) map[string]string {
-	// Abs path so that we can put it in each git repo config
-	repoDir := filepath.Join(dest, rootURL.Host)
-	gitCredentialStore, err := filepath.Abs(filepath.Join(repoDir, "credentials-store"))
-	if err != nil {
-		log.Fatalf("Absolute dest: %v", err)
-	}
-
-	// credentialValue format: scheme://login:pass@host
-	// XXX: call git credential helper commands
-	cloneURL, err := url.Parse(projectURL)
-	if err != nil {
-		log.Fatalf("url.Parse(): %v", err)
-	}
-	cloneURL.Path = ""
-	cloneURL.User = rootURL.User
-	credentialValue := cloneURL.String()
-
-	if err := os.MkdirAll(repoDir, 0o755); err != nil {
-		log.Fatalf("MkdirAll %s: %v", repoDir, err)
-	}
-	if err := os.WriteFile(gitCredentialStore, []byte(credentialValue), 0644); err != nil {
-		log.Fatalf("WriteFile credentials: %v", err)
-	}
-
-	return map[string]string{
-		"credential.helper": fmt.Sprintf("store --file=%s", gitCredentialStore),
-	}
-}
-
 func anonymousURL(u *url.URL) string {
 	anon := *u
 	anon.User = nil
 	return anon.String()
 }
+
+func addPassword(u string, user *url.Userinfo) string {
+	password, _ := user.Password()
+	username := user.Username()
+	return strings.Replace(u, fmt.Sprintf("://%s@", username), fmt.Sprintf("://%s:%s@", username, password), 1)
+}