Every git commit / git stash asks me for a password

Question

I've purchased a new computer and now when I try to $ git commit or $ git stash I'm pinged for a password.

You need a passphrase to unlock the secret key for user: "Anthony Mayfield <contact@anthonymayfield.com>" 2048-bit RSA key, ID 489A9781, created 2016-04-20

What can I do to prevent this? Thanks

Gitconfig:

[alias]

    # View abbreviated SHA, description, and history graph of the latest 20 commits
    l = log --pretty=oneline -n 20 --graph --abbrev-commit

    # View the current working tree status using the short format
    s = status -s

    # Show the diff between the latest commit and the current state
    d = !"git diff-index --quiet HEAD -- || clear; git --no-pager diff --patch-with-stat"

    # `git di $number` shows the diff between the state `$number` revisions ago and the current state
    di = !"d() { git diff --patch-with-stat HEAD~$1; }; git diff-index --quiet HEAD -- || clear; d"

    # Pull in remote changes for the current repository and all its submodules
    p = !"git pull; git submodule foreach git pull origin master"

    # Clone a repository including all submodules
    c = clone --recursive

    # Commit all changes
    ca = !git add -A && git commit -av

    # Switch to a branch, creating it if necessary
    go = "!f() { git checkout -b \"$1\" 2> /dev/null || git checkout \"$1\"; }; f"

    # Show verbose output about tags, branches or remotes
    tags = tag -l
    branches = branch -a
    remotes = remote -v

    # Amend the currently staged files to the latest commit
    amend = commit --amend --reuse-message=HEAD

    # Credit an author on the latest commit
    credit = "!f() { git commit --amend --author \"$1 <$2>\" -C HEAD; }; f"

    # Interactive rebase with the given number of latest commits
    reb = "!r() { git rebase -i HEAD~$1; }; r"

    # Remove the old tag with this name and tag the latest commit with it.
    retag = "!r() { git tag -d $1 && git push origin :refs/tags/$1 && git tag $1; }; r"

    # Find branches containing commit
    fb = "!f() { git branch -a --contains $1; }; f"

    # Find tags containing commit
    ft = "!f() { git describe --always --contains $1; }; f"

    # Find commits by source code
    fc = "!f() { git log --pretty=format:'%C(yellow)%h  %Cblue%ad  %Creset%s%Cgreen  [%cn] %Cred%d' --decorate --date=short -S$1; }; f"

    # Find commits by commit message
    fm = "!f() { git log --pretty=format:'%C(yellow)%h  %Cblue%ad  %Creset%s%Cgreen  [%cn] %Cred%d' --decorate --date=short --grep=$1; }; f"

    # Remove branches that have already been merged with master
    # a.k.a. ‘delete merged’
    dm = "!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d"

    # List contributors with number of commits
    contributors = shortlog --summary --numbered

    # Merge GitHub pull request on top of the current branch or,
    # if a branch name is specified, on top of the specified branch
    mpr = "!f() { \
        declare currentBranch=\"$(git symbolic-ref --short HEAD)\"; \
        declare branch=\"${2:-$currentBranch}\"; \
        if [ $(printf \"%s\" \"$1\" | grep '^[0-9]\\+$' > /dev/null; printf $?) -eq 0 ]; then \
            git fetch origin refs/pull/$1/head:pr/$1 && \
            git checkout -B $branch && \
            git rebase $branch pr/$1 && \
            git checkout -B $branch && \
            git merge pr/$1 && \
            git branch -D pr/$1 && \
            git commit --amend -m \"$(git log -1 --pretty=%B)\n\nCloses #$1.\"; \
        fi \
    }; f"

[apply]

    # Detect whitespace errors when applying a patch
    whitespace = fix

[core]

    # Use custom `.gitignore` and `.gitattributes`
    excludesfile = ~/.gitignore
    attributesfile = ~/.gitattributes

    # Treat spaces before tabs and all kinds of trailing whitespace as an error
    # [default] trailing-space: looks for spaces at the end of a line
    # [default] space-before-tab: looks for spaces before tabs at the beginning of a line
    whitespace = space-before-tab,-indent-with-non-tab,trailing-space

    # Make `git rebase` safer on OS X
    # More info: <http://www.git-tower.com/blog/make-git-rebase-safe-on-osx/>
    trustctime = false

    # Prevent showing files whose names contain non-ASCII symbols as unversioned.
    # http://michael-kuehnel.de/git/2014/11/21/git-mac-osx-and-german-umlaute.html
    precomposeunicode = false

[color]

    # Use colors in Git commands that are capable of colored output when
    # outputting to the terminal. (This is the default setting in Git ≥ 1.8.4.)
    ui = auto

[color "branch"]

    current = yellow reverse
    local = yellow
    remote = green

[color "diff"]

    meta = yellow bold
    frag = magenta bold # line info
    old = red # deletions
    new = green # additions

[color "status"]

    added = yellow
    changed = green
    untracked = cyan

[commit]

    # https://help.github.com/articles/signing-commits-using-gpg/
    gpgsign = true

[diff]

    # Detect copies as well as renames
    renames = copies

[diff "bin"]

    # Use `hexdump` to diff binary files
    textconv = hexdump -v -C

[help]

    # Automatically correct and execute mistyped commands
    autocorrect = 1

[merge]

    # Include summaries of merged commits in newly created merge commit messages
    log = true

[push]

    # Use the Git 1.x.x default to avoid errors on machines with old Git
    # installations. To use `simple` instead, add this to your `~/.extra` file:
    # `git config --global push.default simple`. See http://git.io/mMah-w.
    default = matching
    # Make `git push` push relevant annotated tags when pushing branches out.
    followTags = true

# URL shorthands

[url "git@github.com:"]

    insteadOf = "gh:"
    pushInsteadOf = "github:"
    pushInsteadOf = "git://github.com/"

[url "git://github.com/"]

    insteadOf = "github:"

[url "git@gist.github.com:"]

    insteadOf = "gst:"
    pushInsteadOf = "gist:"
    pushInsteadOf = "git://gist.github.com/"

[url "git://gist.github.com/"]

    insteadOf = "gist:"
[user]
    email = contact@anthonymayfield.com
    signingkey = [scrubbed]
[credential]
    helper = osxkeychain

Answer 1

Your commit.gpgsign is set to true in the git config.

Set it to false via

git config --global commit.gpgsign false
# --global flag depends on the scope of the config.

Alternatively, set it to a different GPG key without a passphrase (or one that the gpg agent can take care of for you) with:

git config --global user.signingkey KEY_ID

GPG signatures is different from SSH keys used to authenticate against a server. SSH ensures that you are authenticated and authorized to push to the server, GPG signatures ensure that the commits you push were indeed written by you.

Some fun reading material:

• A Git Horror Story - Repository Integrity with Signed Commits
• What are the advantages to cryptographically signing every git commit?
• Git SCM - Signing your work

Answer 2

I fixed it.

It's using a GPG key, for what I have absolutely no idea.

My GPG key had a passphrase, I generated a new GPG key without a passphrase but my git config was using the old key.

I subbed out the old key with the new key and it's now working.