Multiple Git SSH keys
Sooner or later in your time at DECODE, you might encounter a situation where the client insists on creating a separate account for you on a source code service of their choice. If you already have an account on that service with your DECODE email or a private email and you plan to use both accounts, you will need a separate SSH key for each of them.
Even though this handbook will use GitHub as an example, the process of managing multiple keys is the same for all Git source code hosting services.
Creating new keys
Create your keys using the ssh-keygen command in the terminal.
While creating new keys, the terminal asks you to choose the locations for the new keys. It is recommended to use the default path suggested by ssh-keygen. An additional suggestion is to append the associated username to the path to make the keys easier to distinguish (i.e. -f ~/.ssh/id_ed25519_<git_username>).
# Personal
ssh-keygen -t ed25519 -C "<your_personal_email>" -f /Users/<your_name>/.ssh/id_ed25519_<git_username>
# Work
ssh-keygen -t ed25519 -C "<your_work_email>" -f /Users/<your_name>/.ssh/id_ed25519_<git_username>
With both keys created, it is time to add them to the ssh-agent.
Start the ssh-agent in the background.
eval "$(ssh-agent -s)"
# Add the private key (the one without the `.pub` suffix)
ssh-add --apple-use-keychain <path_to_personal_key>
ssh-add --apple-use-keychain <path_to_work_key>
Adding keys to the source code hosting service
Even though services might differ, most of them handle SSH key management in the profile settings. In the case of GitHub, add your SSH key in settings.
To add the SSH key to GitHub, you need to paste its raw contents, which you can copy using the pbcopy command. This needs to be the public key; you can identify it by the .pub file extension.
# This is an example of usage in case you used the default location as well as the suggested naming structure
pbcopy < ~/.ssh/id_ed25519_<git_username>.pub
You need to do this separately for both accounts and make sure you associate each SSH key with its respective account.
Creating the SSH config
If you don't already have one, create a config file under the ~/.ssh directory. Its purpose is to pick the correct key based on a git repository's remote URL.
Place two different configurations in it, one for each account.
# Personal configuration
Host personal
Hostname github.com
User git
IdentityFile ~/.ssh/id_ed25519_<personal_git_username>
# Work Configuration
Host work
Hostname github.com
User git
IdentityFile ~/.ssh/id_ed25519_<work_git_username>
In this file you give each Host entry a name of your choice; in this example, the names are work and personal. Hostname depends on the git source code hosting service you are using and must be its real hostname so that the entry always resolves to the right one; otherwise, you'll encounter an error such as:
Could not resolve hostname <git_source_code_hosting_service>: nodename nor servname provided, or not known
The last line of each entry, IdentityFile, defines which SSH key to use for that configuration.
Test your new configuration
To determine which key a given repository uses, you'll need to change the remote URLs of your existing local repositories and of any new ones you clone in the future.
For example, you will now use:
# For repositories you want to access with your personal SSH key
git clone git@personal:example-git-repository.git
# For repositories you want to access with your work SSH key
git clone git@work:example-git-repository.git
Another approach could be setting specific repos or organizations as the hostnames so that you don't have to remember to change the git clone command every time.
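To check which Host entry and key a remote URL maps to before you clone or push, the lookup can be scripted. This is an added example, not part of the original handbook: the function names and the sample usernames are made up, the parser handles exact Host names only, and the IdentitiesOnly option (an OpenSSH setting that stops ssh from offering other keys held by the agent) does not appear in the config above.

```shell
#!/bin/sh
# Added example: which Host entry and key would a Git SSH remote use?
# Simplified: exact single-name "Host" lines only (no wildcards, Match or Include).

# remote_alias URL: print the host part of an scp-style remote (user@host:path).
remote_alias() {
    case "$1" in
        *@*:*) printf '%s\n' "$1" | sed -e 's/^[^@]*@//' -e 's/:.*$//' ;;
        *) return 1 ;;
    esac
}

# host_setting CONFIG NAME KEYWORD: print the first value of KEYWORD in "Host NAME".
host_setting() {
    awk -v name="$2" -v key="$3" '
        /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
        { kw = tolower($1) }                         # ssh keywords are case-insensitive
        kw == "host" { inblock = (NF == 2 && $2 == name); next }
        inblock && kw == tolower(key) { print $2; found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# describe_remote CONFIG URL: one summary line for the remote.
describe_remote() {
    name=$(remote_alias "$2") || { echo "not an scp-style SSH remote: $2" >&2; return 1; }
    host=$(host_setting "$1" "$name" hostname) || host=$name   # no entry: name used as-is
    key=$(host_setting "$1" "$name" identityfile) || key="(ssh defaults / agent keys)"
    only=$(host_setting "$1" "$name" identitiesonly) || only=no
    printf '%s -> %s key=%s identitiesonly=%s\n' "$name" "$host" "$key" "$only"
}

# Constructed sample config modelled on the one above (usernames are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Personal configuration
Host personal
  Hostname github.com
  User git
  IdentityFile ~/.ssh/id_ed25519_alice
  IdentitiesOnly yes
# Work configuration
Host work
  Hostname github.com
  User git
  IdentityFile ~/.ssh/id_ed25519_alice-work
EOF

describe_remote "$sample" git@personal:example-git-repository.git
describe_remote "$sample" git@work:example-git-repository.git
describe_remote "$sample" git@github.com:example-git-repository.git  # bypasses both entries
```

For the settings ssh itself resolves, including wildcard and Include handling this sketch skips, run ssh -G followed by the Host name.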
Make sure you are always using the right credentials
To make sure you are always using the right credentials in a repository, check that the right username and email are set.
For just one repo, change into the relevant local repository and run the following commands.
git config user.name "Your Name"
git config user.email your@email.example
For the global username and email, which are the defaults and are configured in your ~/.gitconfig:
git config --global user.name "Your Name"
git config --global user.email your@email.example
# You can check your Git settings with:
git config user.name && git config user.email
If you are in a repo for which you set up a user/config that differs from the global one, this shows the local config; otherwise, it shows your global config.