Day 9: SSH and GPG Keys for Secure Access in Git

Why Secure Access Matters in Git?
When you work with Git hosting platforms like GitHub, GitLab, or Bitbucket, you push and pull code from remote repositories.
If you don't secure this connection, hackers can intercept your credentials or maliciously access your repositories!
That's why SSH keys and GPG keys are essential for every DevOps engineer.
Let's break them down simply:
What is an SSH Key?
SSH (Secure Shell) is a secure network protocol that allows you to connect securely to servers and remote services.
An SSH key is like a secret handshake between your computer and GitHub/GitLab.
Instead of entering your password each time, your computer proves it's you using this secret.
It consists of two parts:
Private Key: Stays safe on your computer. Never share this!
Public Key: You upload this to GitHub/GitLab/Bitbucket.
Real-world Example:
Think of your private key like the key to your house.
The public key is like giving the house manager a copy of your "name tag": when they recognize your name tag, they open the door.
How to Create and Use an SSH Key (Simple Steps)
Open your terminal (Git Bash, Linux, Mac).
Type:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
This generates an SSH key pair.
Press Enter to accept the default location.
Create a secure passphrase when asked.
Copy your public key:
cat ~/.ssh/id_rsa.pub
Paste it into your GitHub / GitLab account under Settings → SSH Keys.
Now you can push and pull code without typing your password!
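An added example, not part of the original post: a POSIX shell function that checks a key pair created by the steps above for the three properties those steps rely on (owner-only permissions on the private key, a passphrase, and the 4096-bit RSA size). The names audit_ssh_key, file_mode and MIN_RSA_BITS are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a private key made with the ssh-keygen step above.
# audit_ssh_key, file_mode and MIN_RSA_BITS are illustrative names only.
MIN_RSA_BITS=4096   # matches the -b 4096 used in the tutorial's command

# Print the octal mode of a file with GNU stat (Linux) or BSD stat (macOS).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage: audit_ssh_key ~/.ssh/id_rsa
# Returns 0 when every check passes, 1 otherwise.
audit_ssh_key() {
    key=$1
    rc=0
    if [ ! -f "$key" ] || [ ! -f "$key.pub" ]; then
        echo "FAIL: $key or $key.pub not found"
        return 1
    fi

    # 1. The private key must be accessible by its owner only.
    mode=$(file_mode "$key")
    case $mode in
        600|400) echo "ok:   mode $mode" ;;
        *) echo "FAIL: mode $mode, run: chmod 600 $key"
           return 1 ;;   # ssh-keygen refuses to load such keys, so stop here
    esac

    # 2. An empty passphrase must NOT unlock the key (a corrupt key also fails to load).
    if ssh-keygen -y -P '' -f "$key" </dev/null >/dev/null 2>&1; then
        echo "FAIL: no passphrase, add one with: ssh-keygen -p -f $key"
        rc=1
    else
        echo "ok:   passphrase required"
    fi

    # 3. RSA keys should be at least MIN_RSA_BITS long.
    # ssh-keygen -l prints: <bits> <fingerprint> <comment> (<TYPE>)
    info=$(ssh-keygen -l -f "$key.pub") || return 1
    bits=${info%% *}
    case $info in
        *"(RSA)") if [ "$bits" -lt "$MIN_RSA_BITS" ]; then
                      echo "FAIL: RSA key is only $bits bits"; rc=1
                  else echo "ok:   RSA $bits bits"; fi ;;
        *) echo "ok:   non-RSA key, $info" ;;
    esac
    return $rc
}
```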
What is a GPG Key?
GPG (GNU Privacy Guard) keys are used to sign your Git commits.
Why?
To prove that the commit was actually made by you.
To prevent impersonation.
To add credibility to your projects.
You'll often see a "Verified" badge next to your commits when using GPG signing.
How to Set Up a GPG Key (Simple Steps)
Install GPG if not already installed.
Generate a new GPG key:
gpg --full-generate-key
Select:
RSA
4096 bits
Validity period (can be forever)
Enter your email
List your keys:
gpg --list-secret-keys --keyid-format=long
Copy your GPG public key:
gpg --armor --export YOUR_KEY_ID
Add it to GitHub / GitLab under Settings → GPG Keys.
Configure Git to sign commits automatically:
git config --global user.signingkey YOUR_KEY_ID
git config --global commit.gpgsign true
Now your commits will show a Verified badge!
Beginner Tip:
SSH keys = Securely log in without passwords.
GPG keys = Verify your commits are from you.
Both are important habits to build from day one as a DevOps engineer!
Sneak Peek for Day 10:
Branching Strategies: Git Flow vs Trunk-Based Development
You'll learn how professional teams organize their code updates, without chaos!
Written by Badmus Faoziyat
