This post illustrates the basic steps to create your account and your first repo, with integrated features, which enables you to verify your commits with your encryption key.
Create Your Github Account
- set your username and password
- enable MFA by selecting - optional but recommended
- using MFA, I recommend using SSH to sync your local repos remotely on Github, as I had issues with HTTPS.
Get SSH Access
; if you already have SSH keys in the default folder, change the name to the key or change location.
Add your SSH key to the ssh-agent
$ eval "$(ssh-agent -s)"to start the ssh-agent in the background
- if the file
~/.ssh/configdoes not exist, create it empty by entering
$ touch ~/.ssh/config
- add to the file the following or modify its contents according to your ssh folder location and key name:
$ Host * AddKeysToAgent yes UseKeychain yes IdentityFile ~/.ssh/id_rsa
- add your SSH private key to the ssh-agent and store your passphrase in the keychain:
$ ssh-add -K ~/.ssh/id_rsa, using the correct path and name.
Add your SSH Key to your Github Account
- on your Mac, open “Keychain access” and check if you already have entries for “github” (use search): delete them in case
Add your PGP Key to your Github Account
Create your PGP Key
- install GPG with
brew install gnupgor update it with
brew upgrade gnupg.
- create your . You need an RSA 4096 key. Add your username and email.
- after creation, launch the command
gpg --list-secret-keys --keyid-format LONG, to check your newly created key.
Import your GPG Key from Keybase
The above command can also be used in case you already generated your key.
In case you’ve uploaded your GPG key on , you can import your public key as txt by launching the command
keybase pgp export | gpg --import.
Export your PGP Public Key and Add it to GitHub
After, you need to export your public key, by launching the command
gpg --armor --export firstname.lastname@example.org matching your email address with the one used to create the GPG key.
If you can’t remember what email address is attached to your public key, you can list all your gpg keys with
gpg --list-keys. See this .
You can then copy and paste the output and copy into GitHub by selecting the “settings” option within your profile and adding the GPG Key.
Create Your Remote Repo on Github and clone it locally
- create a new repository on Github; you can decide if making it public (default) or private. I recommend starting private and then make it public once your’re confident
$ git clone <your repo ssh name>
$ cd <your repo name>
$ git config user.name "your username"
git config --global user.signingkey your_ Key_ID, to add your signkey
$ git config --global user.email "your email address"; be sure to use your primary or added email address, which needs to match the email used to generate your GPG key
git config --global commit.gpgsign trueto auto-sign with your key each commit.
“Learning to write programs stretches your mind, and helps you think better, creates a way of thinking about things that I think is helpful in all domains.”
Start coding locally, commit locally often, and when you want to sync your remote repo enter
$ git push origin master.
Check on your commits on Github: you should see “verified”.
You might get this message after a commit:
error: gpg failed to sign the data fatal: failed to write commit object
In case, enter
echo 'no-tty' >> ~/.gnupg/gpg.conf and then
export GPG_TTY=$(tty) to apply change to all users.
See for more information and cases.