If you sign your commits, or use a GPG key to sign data, you are asked to enter the passphrase every time the key is invoked. It is sometimes annoying to have to type it every time. In this guide, I will show you how to configure the necessary tools to auto-fill it in a secure way on macOS.
Install GPG Suite
GPG Suite allows you to manage your OpenPGP keys: create new keys, modify existing ones and import your colleagues' keys from a key server. It also allows you to store your GPG key passphrase in the macOS Keychain.
We will use this tool to better manage the GPG key and to auto-fill the passphrase whenever we use the key.
To install, simply hit the download button on the homepage, open the downloaded file and install the tool into your Applications.
GPG Keychain will detect and display the available keys on your system:
Configure the shell
When you invoke any command that requires a GPG key, GPG Keychain will prompt for the passphrase. You only need to type it the first time; after that it is filled in automatically. Remember to check the "Save to keychain" option.
Remember to add the following line to your shell startup file (in my case .zshrc) to configure the tty for GPG:
export GPG_TTY=$(tty)
Check keychain access
Make sure an entry relating to your key was created in Keychain Access, as in the screenshot below:
Double click on that key and make sure it is always allowed to access by
Make sure gpg works properly with your key
Make sure GPG works properly by running this standalone command with your private key; in this case 6A3B2EFE956B5B36 is my key.
echo "dummy" | gpg -bsau 6A3B2EFE956B5B36
Trace commit if there is any problem
If you get an error like fatal: failed to write commit object, or any other error when committing, prepend GIT_TRACE=1 and run the commit again to see what the actual problem is.
➜ GIT_TRACE=1 git commit -m "init"
12:05:55.591085 exec-cmd.c:139 trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/bin/git
12:05:55.591488 exec-cmd.c:238 trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/bin
12:05:55.591935 git.c:460 trace: built-in: git commit -m init
12:05:55.593151 run-command.c:654 trace: run_command: gpg --status-fd=2 -bsau 6A3B2EFE956B5B36
error: gpg failed to sign the data
fatal: failed to write commit object
With the error output, you will have a clear idea of where the root of the problem is and can find a proper fix.
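The triage step above can be scripted. The following is an added example, not part of the original guide: it reads saved trace output, extracts the gpg command git ran, and prints the standalone command to reproduce the failure. The function names are hypothetical and it assumes the trace line format shown above.

```bash
#!/bin/sh
# Added example: triage saved GIT_TRACE=1 output from a failed signed commit.
# Function names are hypothetical; the trace format is the one shown above.

# Constructed sample input, copied from the trace output in this guide.
sample_trace() {
  cat <<'EOF'
12:05:55.591935 git.c:460 trace: built-in: git commit -m init
12:05:55.593151 run-command.c:654 trace: run_command: gpg --status-fd=2 -bsau 6A3B2EFE956B5B36
error: gpg failed to sign the data
fatal: failed to write commit object
EOF
}

# Print the signing command git executed (the text after "run_command: ").
gpg_command_from_trace() {
  sed -n 's/^.*trace: run_command: \(.* -bsau .*\)$/\1/p' | head -n 1
}

# Print the key id git passed to gpg: the last argument of that command.
key_from_gpg_command() {
  printf '%s\n' "$1" | awk '{ print $NF }'
}

# Read a trace on stdin. Returns 0 = no signing error, 1 = gpg failed, 2 = gpg never ran.
triage_trace() {
  tt_trace=$(cat)
  tt_cmd=$(printf '%s\n' "$tt_trace" | gpg_command_from_trace)
  if [ -z "$tt_cmd" ]; then
    echo "No gpg invocation in the trace: the commit did not reach the signing step."
    return 2
  fi
  echo "git ran: $tt_cmd"
  if ! printf '%s\n' "$tt_trace" | grep -q 'gpg failed to sign the data'; then
    echo "No signing error logged."
    return 0
  fi
  # GPG_TTY is the variable exported in the shell configuration step above.
  [ -n "${GPG_TTY:-}" ] || echo 'GPG_TTY is unset: add export GPG_TTY=$(tty) to your shell startup file.'
  echo "Reproduce outside git: echo \"dummy\" | gpg -bsau $(key_from_gpg_command "$tt_cmd")"
  return 1
}

sample_trace | triage_trace || true   # demo run on the sample trace
```

To use it on a real failure, save the trace with GIT_TRACE=1 git commit -m "init" 2> trace.log, source the functions, and run triage_trace < trace.log.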
And that's it: you can now use GPG without having to type the passphrase every time.