5

In line with the github recently removing support for password authentication - I have created a PAT following this guide

However, everytime I git push I see that that the "authencity of git-credential-osxkeychain cannot be verified.

Why this? Surely I don't need to enter my password everytime I push?

enter image description here

Jordan Miguel
  • 632
  • 1
  • 9
  • 34

3 Answers3

6

OSX prompts for a password every time you use git after brew upgrades git. To make Keychain Access trust git with the password again, you have to open Keychain Access, search for github under Keychain: login, kind: Internet password, and add the new path to git-credential-osxkeychain. Or, just delete the github password and regenerate the Personal Access Token again. (source: Fixing the git-credential-osxkeychain password prompts on every git transaction )

For example, today brew installed git-credential-osxkeychain to /usr/local/Cellar/git/2.36.0/libexec/git-core/git-credential-osxkeychain, so I had to add that path to the password in Keychain Access.

$ brew info git
…
/usr/local/Cellar/git/2.36.0 (1,544 files, 43.6MB) *
…
$ find /usr/local/Cellar/git/2.36.0 -name git-credential-osxkeychain
/usr/local/Cellar/git/2.36.0/libexec/git-core/git-credential-osxkeychain

Screenshot of password window in Keychain Access

yonran
  • 18,156
  • 8
  • 72
  • 97
  • Thanks! Worked for me. Here's a fish shell expression that points to the right file: `$HOMEBREW_PREFIX/Cellar/git/(string split " " (git --version))[3]/libexec/git-core/git-credential-osxkeychain` – Tyler Gannon Feb 28 '23 at 23:07
5

You can enter your password and click “Always Allow,” which should avoid you needing to enter the password again.

The likely reason for this is that your version of Git comes from Homebrew or another source that doesn't sign its packages, and Apple is complaining about this. As far as I'm aware, nobody but Apple ships a version of Git that's signed, and Homebrew is considered reputable, so there's no reason to be worried here. The notification is unnecessary.

bk2204
  • 64,793
  • 6
  • 84
  • 100
2

https cloning has always been fraught with peril and you'll see issues like this .. additionally, Microsoft Corporation (who acquired GitHub in 2018) is attempting to frustrate you into using their command line tool by both hiding ssh clone and only appearing to offer clone via https or their command line tool

See Embrace, Extend, and Extinguish

Create ssh keys and clone via ssh instead of https

  • create a new key pair if you don't have one

    $ ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

    GitHub docs for this

  • Add the public key to your account

  • clone the repo again using an ssh remote

    git clone git@github.com:user/repo.git

    or update the existing repo's remote to the ssh version

    git remote -v  # show existing remote
git remote set-url git@github.com:user/repo.git
ti7
  • 16,375
  • 6
  • 40
  • 68