GitHub Setup on a New Mac

I recently acquired a new Mac, and needed to set up git with access to Github on the new computer. I decided to document the process.

First, create a new ssh key, adding a password:

ssh-keygen -t rsa -b 4096

This key ends up in the .ssh folder of your home directory: ~/.ssh/rsa_id

Now, copy the public key to the clipboard to add it to GitHub:

cat ~/.ssh/id_rsa.pub | pbcopy

In GitHub, navigate to the account settings, and choose SSH and GPG keys from the left navigation menu. Click the New SSH Key button. Type a Title for the key, and paste the clipboard contents into the Key field. Click the Add SSH Key button to save it.

Configure git locally, using the email address from the GitHub account:

git config --global user.email "<YourEmail@somewhere.com>"
git config --global user.name "<YourUserName>"

Instead of typing a password for every use of git, store the password in the keychain locally. In the .ssh folder, create a file named config:

touch ~/.ssh/config

Open the config file in an editor, and add the following content:

Host *
UseKeychain yes
AddKeysToAgent yes

The next push to GitHub will prompt for the password, and from that point on it’s stored in keychain and git won’t prompt for the password any more.

Since I am using GitHub, I use a GPG key to verify my identity when I commit and push code. I can see my commits are verified, protecting me against someone spoofing pushes to my repos:

Verified commits on GitHub

The first step is creating a GPG key. I installed and used Mac GPG Tools to create my key. After installation the program launches. Create a new key using a strong password and the same email address used for GitHub:

Creating a GPG key using the Mac client

Choose a strong passphrase:

Creating the passphrase for the GPG key

After creating a passphrase for the key, install the public key at GitHub. First, copy the public key to a file using the email address used while creating the key, then copy the file contents to the clipboard:

gpg --export --armor YourEmail@somewhere.com > public-key.asc
cat public-key.asc | pbcopy

In GitHub, navigate to account settings, and choose SSH and GPG keys from the left navigation menu. Click the New GPG Key button. Type a Title for the key, and paste the clipboard contents into the Key field. Click the Add GPG Key button to save it.

Next, configure git to use the GPG key. First, find the ID for the key:

gpg --list-secret-keys --keyid-format=long

The output should look like this:

/Users/username/.gnupg/pubring.kbx

sec rsa4096/EAF3888888888888E 2022-07-17 [SC] [expires: 2026-07-17]
919488888888888888888888888888888888888E
uid [ultimate] Your Name YourEmail@somewhere.com
ssb rsa4096/A888888888888884 2022-07-17 [E] [expires: 2026-07-17]

On the line below the one with your email address, copy the text after the rsa4096/ and before the date generated. Use that ID to configure git to sign commits:

git config --global user.signingkey A888888888888884

Now, when ready commit some code destined for GitHub, add a new parameter to the command: -S

git commit -S -m "A clear commit message"

The first time committing with the new parameter, Mac GPG prompts for the passphrase set on the key above. You can choose to save the passphrase in the keychain for future commits.

Now my machine is set up to work with GitHub and verify my identity on my commits.