Git uses either
$HOME/.gitconfig configuration file for user level settings.
An identity is required when sharing commits via services such as GitHub/GitLab and so that each commit you make is associated to you.
Add an identity to Git configurationλ︎
Define your git identity using the following commands in a terminal window
git config --global user.name "practicalli" git config --global user.email ***+email@example.com
These commands update the
[user] section of the Git configuration file, automatically creating that file if it does not exist.
Using a private email addressλ︎
To avoid sharing your real email address (to minimise spam), consider using a private email address
In your GitHub account, visit the email settings and tick Keep my email addresses private.
A new email of the form
firstname.lastname@example.org is created which must be set as your user email address
For additional security, select the option Block command line pushes that expose my email to prevent commits being pushed to GitHub using your public email address.
Access remote repositoriesλ︎
GitHub repositories can be accessed via HTTPS or SSH URL.
SSH approach is typically more secure, especially as the files holding your keys on disk are encrypted. SSH connections can be tunnelled through HTTPS if connecting to a remote repository via a very restricted firewall.
HTTPS is more widely supported in firewalls as it goes through the HTTPS port. A personal access token is typically required (GitHub blocks access via password), although it must be saved in a plain text file, e.g.
~/.github. Should a token be compromised, it does not give access to the account on the remote repository, so the token can be deleted easily.
SSH URLs with SSH Keyλ︎
When using SSH URLs for remote repository access, generate an SSH key and add it to your GitHub account.
The SSH key removes the need to enter GitHub credentials each time a command is used that accesses a remote repository (push, pull, clone, etc.).
SSH Key Passphraseλ︎
Practicalli recommends setting a passphrase when generating an SSH key.
Unix systems (Linux / MacOSX) should have the
-t specifies the type of encryption, RSA recommended
-C to add your GitHub email address to the SSH key
Accept the default file or enter a preferred file name
Enter a passphrase. A 12 character or greater passphrase should provide adequate security.
Repeat the passphrase
The key has now been created, with an
id_rsa.pub public key that should be added to you GitHub account.
Saving SSH Key to Key Ringλ︎
A key-ring tool for the Operating System can be used to securely store the passphrase.
Ubuntu desktop has a key-ring tool which will display a pop-up dialog to save the passphrase to the key-ring the first time the SSH key is used. Once saved, the key is unlocked when login into the desktop.
HTTPS URLs and personal access tokenλ︎
When using HTTPS URLs for remote repository access, a personal access token is required. Visit the remote repository service and generate a personal access token with at least
Whilst the token could be added to the
~/.gitconfig, as this file is plain text it is not particularly secure (especially if committed into a dotfiles repository and shared).
To provide greater security when using the token, consider using the Git Credential Manager. It is not known if this approach will work with magit (let Practicalli know if it does).
Hint::Magit Forge also uses personal access tokenλ︎
Magit Forge also requires a personal access token, although this can be saved in the encrypted file
~/.authinfo.pggfor greater security. The Magit Forge token includes permissions required to access remote repositories over HTTPS
For greater security, use separate tokens if placing the HTTPS tokein in a plain text file).
Diff 3 Supportλ︎
Diff 3 standard included the parent of two changes in conflict, providing additional context when deciding which change should take precedence
This command adds a
conflictstyle entry in the
[merge] section of the Git configuration file.
Magit supports the Diff3 standard, so a common parent will be shown when this feature is enabled.