I recently acquired a new Mac, and needed to set up git with access to GitHub on the new computer. I decided to document the process.
First, create a new SSH key, setting a passphrase when prompted:
ssh-keygen -t rsa -b 4096
This key ends up in the .ssh folder of your home directory: ~/.ssh/id_rsa
Now, copy the public key to the clipboard to add it to GitHub:
cat ~/.ssh/id_rsa.pub | pbcopy
In GitHub, navigate to the account settings, and choose SSH and GPG keys from the left navigation menu. Click the New SSH Key button. Type a Title for the key, and paste the clipboard contents into the Key field. Click the Add SSH Key button to save it.
Configure git locally, using the email address from the GitHub account:
git config --global user.email "<YourEmail@somewhere.com>"
git config --global user.name "<YourUserName>"
Instead of typing the key's passphrase for every use of git, store it in the keychain locally. In the .ssh folder, create a file named config:
touch ~/.ssh/config
Open the config file in an editor, and add the following content:
Host *
  UseKeychain yes
  AddKeysToAgent yes
The next push to GitHub will prompt for the passphrase, and from that point on it's stored in the keychain and git won't prompt for it any more.
Since I am using GitHub, I use a GPG key to verify my identity when I commit and push code. I can see my commits are verified, protecting me against someone spoofing pushes to my repos.
The first step is creating a GPG key. I installed and used Mac GPG Tools to create my key. After installation the program launches. Create a new key using the same email address used for GitHub, and choose a strong passphrase.
After creating a passphrase for the key, install the public key at GitHub. First, copy the public key to a file using the email address used while creating the key, then copy the file contents to the clipboard:
gpg --export --armor YourEmail@somewhere.com > public-key.asc
cat public-key.asc | pbcopy
In GitHub, navigate to account settings, and choose SSH and GPG keys from the left navigation menu. Click the New GPG Key button. Type a Title for the key, and paste the clipboard contents into the Key field. Click the Add GPG Key button to save it.
Next, configure git to use the GPG key. First, find the ID for the key:
gpg --list-secret-keys --keyid-format=long
The output should look like this:
/Users/username/.gnupg/pubring.kbx
sec   rsa4096/EAF3888888888888E 2022-07-17 [SC] [expires: 2026-07-17]
      919488888888888888888888888888888888888E
uid                 [ultimate] Your Name YourEmail@somewhere.com
ssb   rsa4096/A888888888888884 2022-07-17 [E] [expires: 2026-07-17]
On the line below the one with your email address, copy the text after the rsa4096/ and before the date generated. Use that ID to configure git to sign commits:
git config --global user.signingkey A888888888888884
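The bracketed letters in the listing are usage flags (S sign, C certify, E encrypt, A authenticate). The following script is an added example, not part of the original post: it parses the long-format listing and prints each key ID with its flags, so the ID given to user.signingkey can be checked against what that key is allowed to do. The function names are hypothetical and the sample listing is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: read `gpg --list-secret-keys --keyid-format=long` output
# and report each key ID together with its usage flags.
# Flags: S = sign, C = certify, E = encrypt, A = authenticate.

# Constructed sample, copied from the listing shown in the post.
sample_listing() {
cat <<'EOF'
/Users/username/.gnupg/pubring.kbx
sec   rsa4096/EAF3888888888888E 2022-07-17 [SC] [expires: 2026-07-17]
      919488888888888888888888888888888888888E
uid                 [ultimate] Your Name YourEmail@somewhere.com
ssb   rsa4096/A888888888888884 2022-07-17 [E] [expires: 2026-07-17]
EOF
}

# list_keys: stdin = gpg listing, stdout = "<type> <keyid> <flags>" per key.
# gpg may print "sec#" (secret part not on this machine) or "sec>" (on a
# smartcard); those markers are accepted and kept in the type column.
list_keys() {
    awk '
        $1 ~ /^(sec|ssb)[#>]?$/ {
            n = split($2, parts, "/")      # "rsa4096/KEYID" -> algo, id
            if (n != 2) next               # not a long-format key line
            flags = $4
            gsub(/\[|\]/, "", flags)       # "[SC]" -> "SC"
            print $1, parts[2], flags
        }'
}

# keys_with_flag FLAG: stdin = gpg listing, stdout = IDs whose flags
# include FLAG (for example S for keys that are allowed to sign).
keys_with_flag() {
    list_keys | awk -v f="$1" 'index($3, f) { print $2 }'
}

# Demonstration on the constructed sample. On a real machine, pipe the
# gpg command into list_keys instead of sample_listing.
sample_listing | list_keys
```

To inspect a real keyring, run `gpg --list-secret-keys --keyid-format=long | list_keys` after sourcing the functions.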
Now, when ready to commit some code destined for GitHub, add a new parameter to the command: -S
git commit -S -m "A clear commit message"
The first time committing with the new parameter, Mac GPG prompts for the passphrase set on the key above. You can choose to save the passphrase in the keychain for future commits.
Now my machine is set up to work with GitHub and verify my identity on my commits.