If you sign your commits, or use a GPG key to sign data, you are asked for the passphrase every time you invoke it. Typing it every time quickly gets annoying. In this guide, I will show you how to configure the necessary tools to fill it in automatically, in a secure way, on macOS.

Install GPG Suite

GPG Suite lets you manage your OpenPGP keys: create new keys, modify existing ones and import your colleagues' keys from a key server. It can also store your GPG key passphrase in the macOS Keychain.

We will use this tool to manage the GPG key and to fill in the passphrase automatically whenever the key is used.

To install, hit the download button on the homepage, open the downloaded file and install the tool into your Applications folder.

GPG Keychain will detect and display the keys available on your system:

Screenshot: GPG Keychain UI

Configure the shell

When you invoke any command that requires the GPG key, GPG Keychain will prompt for the passphrase. You only need to type it the first time; from then on it is filled in automatically. Remember to check the "Save to keychain" option.

Screenshot: GPG passphrase input field

Remember to add export GPG_TTY=$(tty) to your shell startup file (in my case .zshrc) so that GPG knows which tty to use for the passphrase prompt.

Troubleshooting

Check keychain access

Make sure an entry related to your key was created in Keychain Access, as in the screenshot below:

Screenshot: passphrase entry created in Keychain

Double-click that entry and make sure pinentry-mac is always allowed to access it:

Screenshot: "Always allow" access by the pinentry-mac application

Make sure gpg works properly with your key

Make sure GPG works properly by running this standalone command with your private key; in this case 6A3B2EFE956B5B36 is my key ID.

echo "dummy" | gpg -bsau 6A3B2EFE956B5B36

Trace the commit if there is any problem

If you get an error like fatal: failed to write commit object, or any other error when committing, prepend GIT_TRACE=1 and run the commit again to see what the actual problem is.

GIT_TRACE=1 git commit -m "init"
12:05:55.591085 exec-cmd.c:139          trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/bin/git
12:05:55.591488 exec-cmd.c:238          trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/bin
12:05:55.591935 git.c:460               trace: built-in: git commit -m init
12:05:55.593151 run-command.c:654       trace: run_command: gpg --status-fd=2 -bsau 6A3B2EFE956B5B36
error: gpg failed to sign the data
fatal: failed to write commit object

With the trace output you get a clear idea of where the root of the problem is and can find the proper fix.
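To run the troubleshooting checks above in one go (GPG_TTY exported, pinentry-mac selected, and the standalone signing test), here is an added diagnostic script that is not part of the original post. It assumes gpg-agent takes its pinentry from a pinentry-program line in ~/.gnupg/gpg-agent.conf (GPG Suite points that line at pinentry-mac) and takes the key ID as its first argument.

```shell
#!/bin/sh
# Added diagnostic script (not from the original post). Assumed: gpg-agent
# reads its pinentry choice from a "pinentry-program" line in
# ~/.gnupg/gpg-agent.conf; the key ID to test is the first argument.

# Check 1: GPG_TTY must be exported, otherwise gpg has no terminal to attach
# the passphrase prompt to and signing fails without ever asking.
check_gpg_tty() {
    if [ -z "$GPG_TTY" ]; then
        echo "GPG_TTY is not set; add 'export GPG_TTY=\$(tty)' to ~/.zshrc" >&2
        return 1
    fi
}

# Check 2: the agent config (path in $1) must select pinentry-mac, since that
# is the pinentry offering the "Save to keychain" option this setup relies on.
check_pinentry_conf() {
    conf="$1"
    if [ ! -f "$conf" ]; then
        echo "no gpg-agent config at $conf" >&2
        return 1
    fi
    if ! grep -Eq '^[[:space:]]*pinentry-program[[:space:]]+.*pinentry-mac' "$conf"; then
        echo "pinentry-program in $conf does not point at pinentry-mac" >&2
        return 1
    fi
}

# Check 3: the standalone signing test from the post with key ID $1. A detached
# signature over "dummy" exercises the agent, pinentry and Keychain entry
# without touching any git repository.
test_sign() {
    echo "dummy" | gpg -bsau "$1" >/dev/null
}

# Run the checks in order and stop at the first failure.
run_all_checks() {
    key="$1"
    check_gpg_tty && \
    check_pinentry_conf "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf" && \
    test_sign "$key" && echo "gpg signing with key $key works"
}

# Usage: sh check_gpg_signing.sh 6A3B2EFE956B5B36   (key ID from the post)
if [ $# -gt 0 ]; then
    run_all_checks "$1"
fi
```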

And that's it: you can now use GPG without having to type the passphrase every time.