🔒 Day 9: SSH and GPG Keys for Secure Access in Git

Badmus Faoziyat

🚀 Why Secure Access Matters in Git?

When you work with Git hosting platforms like GitHub, GitLab, or Bitbucket, you push and pull code from remote repositories.
If you don't secure this connection, hackers can intercept your credentials or maliciously access your repositories! ❌

That's why SSH keys and GPG keys are essential for every DevOps engineer.

Let's break them down simply:

🔑 What is an SSH Key?

SSH (Secure Shell) is a network protocol that lets you connect securely to servers and remote services.

An SSH key is like a secret handshake between your computer and GitHub/GitLab.
Instead of entering your password each time, your computer proves it's you using this secret.

It consists of two parts:

  • Private Key: Stays safe on your computer. Never share this!

  • Public Key: You upload this to GitHub/GitLab/Bitbucket.

🎯 Real-world Example:

  • Think of your private key like the key to your house.

  • The public key is like giving the house manager a copy of your "name tag". When they recognize your name tag, they open the door.

✍️ How to Create and Use an SSH Key (Simple Steps)

  1. Open your terminal (Git Bash, Linux, Mac).

  2. Type:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

This generates an SSH key pair.

  3. Press Enter to accept the default location.

  4. Create a secure passphrase when asked.

  5. Copy your public key:

cat ~/.ssh/id_rsa.pub

  6. Paste it into your GitHub / GitLab account under Settings → SSH Keys.

✅ Now you can push and pull code without typing your password!
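
A quick safety check to run around step 5, as an added example that is not part of the original post: it tells a public key file from a private one before you paste it, and warns when a private key is readable by other users. The function names are made up for this example, and the key files in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Key files are constructed placeholders.

# key_kind FILE: print "public", "private" or "unknown" from the file's first line.
key_kind() {
    first=$(head -n 1 "$1" 2>/dev/null || true)
    case "$first" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*) echo public ;;
        -----BEGIN\ *PRIVATE\ KEY-----*) echo private ;;
        *) echo unknown ;;
    esac
}

# safe_to_paste FILE: succeed only if FILE is a public key.
safe_to_paste() { [ "$(key_kind "$1")" = public ]; }

# perms_ok FILE: succeed if group and others have no access (for example mode 600).
perms_ok() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# audit_ssh_dir DIR: warn about private keys with loose permissions; fail if any.
audit_ssh_dir() {
    dir=$1; bad=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        if [ "$(key_kind "$f")" = private ] && ! perms_ok "$f"; then
            echo "WARN: $f is a private key open to group/others; fix: chmod 600 $f"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
}

# Demo on a throwaway directory with constructed (fake) key files.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed-placeholder' > "$d/id_rsa"
    printf '%s\n' 'ssh-rsa AAAAconstructedplaceholder your_email@example.com' > "$d/id_rsa.pub"
    chmod 644 "$d/id_rsa"
    audit_ssh_dir "$d" || echo "audit failed, as expected for mode 644"
    chmod 600 "$d/id_rsa"
    audit_ssh_dir "$d" && echo "audit clean after chmod 600"
    safe_to_paste "$d/id_rsa.pub" && echo "id_rsa.pub is safe to paste"
    safe_to_paste "$d/id_rsa" || echo "id_rsa is NOT safe to paste"
    rm -rf "$d"
}
demo
```

To check your real keys, call audit_ssh_dir ~/.ssh and safe_to_paste ~/.ssh/id_rsa.pub instead of demo.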

πŸ›‘οΈ What is a GPG Key?

GPG (GNU Privacy Guard) keys are used to sign your Git commits.

Why?

  • To prove that the commit was actually made by you.

  • To prevent impersonation.

  • To add credibility to your projects.

You'll often see a "Verified" badge next to your commits when using GPG signing.

✍️ How to Set Up a GPG Key (Simple Steps)

  1. Install GPG if not already installed.

  2. Generate a new GPG key:

gpg --full-generate-key

Select:

  • RSA

  • 4096 bits

  • Validity period (can be forever)

  • Enter your email

  3. List your keys:

gpg --list-secret-keys --keyid-format=long

  4. Copy your GPG public key:

gpg --armor --export YOUR_KEY_ID

  5. Add it to GitHub / GitLab under Settings → GPG Keys.

  6. Configure Git to sign commits automatically:

git config --global user.signingkey YOUR_KEY_ID
git config --global commit.gpgsign true

✅ Now your commits will show a Verified badge!

💬 Beginner Tip:

  • SSH keys = Securely log in without passwords.

  • GPG keys = Verify your commits are from you.

Both are important habits to build from day one as a DevOps engineer! 🚀

📅 Sneak Peek for Day 10:

Branching Strategies: Git Flow vs Trunk-Based Development
You'll learn how professional teams organize their code updates without chaos! 🌟
