Solving the problem of having a personal and a work GitHub account is really trivial without any extra tools. All you need is a dedicated SSH key for that GitHub account. (And why would you have a password for a ssh key on your personal machine?)
~/.ssh/config
Host github.com-work
HostName github.com
User git
IdentityFile ~/.ssh/work_id_rsa
IdentitiesOnly yes
Where basically `projects/` follow GitHub naming with $user/$repo, so I set the git identity based on all projects within that user, rather than repo-by-repo which would get cumbersome fast.
Then you just make sure you're in the right directory :)
beaker52•about 8 hours ago
This. I’ve seen so many tools solving problems that already have solutions lately because LLMs allow people to run off and “fix” the problem their way before they can a chance to discover existing, more appropriate solutions.
The next step of this problem space is: “when I’m working on project X, I often forget to change my GitHub user with Gitas” so now they need direnv or something to switch it for them. The original solution foresaw this - so is far more complete that Gitas already _and_ built into git itself.
But, LLMs, so here we are, slowly drowning in a growing ocean of software built by the unaware.
Terretta•about 5 hours ago
> built by the unaware
awash in bliss
accoil•about 9 hours ago
I use that approach. I also make sure to not set the [user] section in my main config (and only in the included files). That way if I'm operating outside of one of my user directories git commit fails due to having no user details.
hrpnk•about 3 hours ago
The host shenanigans are simpler addressed with `git config core.sshCommand` which overrides the default key and selects the desired one on a per repository level.
Are there any good reasons to use multiple GitHub user accounts? GitHub organization membership and permissions are well designed in my experience, negating the need for multiple user accounts.
StarlaAtNight•about 7 hours ago
Consultants or professional services folks will be working in their company’s GitHub account and several clients. Requires managing lots of git/GitHub accounts
Terretta•about 5 hours ago
Simplifying for brevity* -- there are three levels in the GitHub entity:
Even with enterprise SSO, the initial connect to GH can (is typically) "you" (just as you have the same driver license to show at the front desk when registering to visit a secured firm or random hotel), then you elevate "you" into the org through SSO, and what policies apply to you via your org can be 'governed' at the enterprise.
The idea behind this model is that no, you don't have to manage lots of those as you, you're just you, and each of those you aim to use has an elevation that entity controls instead of you controlling it.
This ultimately results in way less key material floating around, and you losing, leaking, or lousing up your own GH cred doesn't auto-give an attacker the SSO elevation.
• • •
Not incidentally, I have a slew of "accounts" given to me by companies that don't bother to make an org, they just invite individuals to repos or make individual accounts for their repo. I suppose it's cheaper in the short run. In the long run, these accounts are 90% still left active years to (no kidding) decade+ later. Seems a better idea to "don't do this." If you're a company, be an org.
> Are there any good reasons to use multiple GitHub user accounts?
Is there any good reasons not to separate what you work on into multiple GitHub accounts? Not to mention some people don't want all their projects attached to one profile, some people also develop in their free-time, and don't want to mix freetime/work projects under the same user account, for multiple reasons.
jimmydoe•about 7 hours ago
A why not
B if you ever be in a company using the half baked GitHub hosted enterprise….
Hamuko•about 7 hours ago
I use a pseudonym during my free time, so yes. Also my employer is requiring us to use company-specific GitHub accounts, so the decision is out of my hands anyway.
OrderlyTiamat•about 7 hours ago
> (And why would you have a password for a ssh key on your personal machine?)
You're presumably joking? If not, could you elaborate?
PunchyHamster•about 7 hours ago
well if you have encrypted storage and already need password to get to it, secondary password is of little value
Tho I prefer to just use hardware key for ssh
craftkiller•about 6 hours ago
> well if you have encrypted storage and already need password to get to it, secondary password is of little value
That's only true when your machine is powered off. If an attacker manages to yank files from your disk while it is running, that ssh-key password is the difference between "they stole my ssh key" and "they stole worthless random data".
> use hardware key for ssh
That's the real solution. I don't understand why people still store ssh keys on disk when hardware keys are simple, easy, and significantly more secure.
fastasucan•about 3 hours ago
>well if you have encrypted storage and already need password to get to it, secondary password is of little value
This is not true at all though. What about when you are logged into your computer.
rzzzt•about 6 hours ago
ssh-agent will also be happy to provide the key to git after an initial unlock with the passphrase.
jimmydoe•about 7 hours ago
For Claude Code users:
- using alternative host is not supported when roaming between local and cloud, fix is to add another origin you don’t use but use GitHub.com url
- CC uses gh command, which still needs account switch, this can be solved by add the switch to CC hook.
adithyassekhar•about 7 hours ago
Is this that dropbox moment again? Anyway on Windows I keep a separate work and personal profile and GitHub auth doesn't go between them.
djoldman•about 3 hours ago
For the folks looking at tools to help manage personal and work identities on the same computer: don't.
Never access personal accounts from a work computer or work accounts from a personal computer under any circumstances.
This goes for laptops, desktops, and especially cellphones.
If an employer asks that you violate the above, ask for a dedicated device owned by your employer to access a work account. If they refuse, that's a big red flag. "Oh just use your phone to check your email/slack" - 1. don't assume everyone has a cellphone and 2. if you want folks doing work on a device, pay for it.
Managing multiple personal accounts on computer A or multiple work accounts on computer B is totally fine.
As an aside, company general counsels might be shocked at how often their employees log in to slack/email/etc. from their personal cellphone: suddenly any and all company and customer intellectual property has a way to leave the network. And it's not even a "pull" from the employee as the other employees just "push" them messages.
Obviously it should be everywhere, for all tools needed to do your job, but it's especially clear for tech where nearly all large companies will also exert control over the device.
eqvinox•about 8 hours ago
You can put [user] blocks in repos, i.e.
/some/where $ head .git/config
[user]
email = me@example.org
name = My 'nick' Name
Doesn't tie into your SSH key though, if you need that.
turbocon•about 8 hours ago
You can manage multiple ssh keys via your ssh config too. But this does seem to make things easier, I always end up fighting with this when I need to do it once every 3 years
sevensor•about 8 hours ago
Github account switching. A git account is not an idea that makes sense.
embedding-shape•about 8 hours ago
It's actually about git account switching as far as I can tell, which does make sense, you can have multiple "git" users indeed. Maybe it's the wording that is wrong? Read "account" as "user" and it might make more sense :)
# in ~/.gitconfig
[includeIf "gitdir:/home/user/projects/embedding-shapes/"]
path = /home/user/.gitconfig-embedding-shapes
# in ~/.gitconfig-embedding-shapes
[user]
name = embedding-shapes
email = embedding-shapes@proton.me
[core]
sshCommand = ssh -i /home/user/.ssh/id_embedding-shapes
That's one of my git "accounts", currently I have four in total, one being my "real identity", other are pseudo-anonymous users.
sevensor•about 7 hours ago
Fair point. This makes much more sense when you make it about your git identity + ssh configuration.
christoph-heiss•about 7 hours ago
Yeah. Unfortunately, just goes to show how many people think Git = Github.
lasgawe•about 4 hours ago
This is nice! This was a problem I faced a few years ago at my job. What I did was create a custom Bash function to switch Git accounts and add it to my .bashrc file. I love this. I’ll give it a try.
sigmonsays•about 6 hours ago
Feel free to have your own workflow but git already addresses this tools entire purpose with includeIf.
what does this address that includeIf does not?
rgoulter•about 11 hours ago
For the use case of "use different accounts / configs for different directories", git's config has includeIf.
teeray•about 6 hours ago
When did using a single per-machine SSH key on a Yubikey become so dirty in the eyes of these enterprises?
csullivannet•about 4 hours ago
For me it's mostly just that the SSH performance on a large monorepo is much worse than HTTPS.
dvratil•about 9 hours ago
I used to have a git post-checkout hook that set the repo identity based on the repo origin url [0] on checkout - maybe there's some post-clone hook these days, but 10 years ago when I wrote it there was only post-checkout hook.
Discussion (40 Comments)
~/.ssh/config
~/.git/configIn my main ~/.gitconfig I have:
Where basically `projects/` follow GitHub naming with $user/$repo, so I set the git identity based on all projects within that user, rather than repo-by-repo which would get cumbersome fast.Then you just make sure you're in the right directory :)
The next step of this problem space is: “when I’m working on project X, I often forget to change my GitHub user with Gitas” so now they need direnv or something to switch it for them. The original solution foresaw this - so is far more complete that Gitas already _and_ built into git itself.
But, LLMs, so here we are, slowly drowning in a growing ocean of software built by the unaware.
awash in bliss
source: https://erik.doernenburg.com/2017/12/using-multiple-github-a...
The idea behind this model is that no, you don't have to manage lots of those as you, you're just you, and each of those you aim to use has an elevation that entity controls instead of you controlling it.
This ultimately results in way less key material floating around, and you losing, leaking, or lousing up your own GH cred doesn't auto-give an attacker the SSO elevation.
• • •
Not incidentally, I have a slew of "accounts" given to me by companies that don't bother to make an org, they just invite individuals to repos or make individual accounts for their repo. I suppose it's cheaper in the short run. In the long run, these accounts are 90% still left active years to (no kidding) decade+ later. Seems a better idea to "don't do this." If you're a company, be an org.
---
* Expanded for more depth: https://docs.github.com/en/get-started/learning-about-github...
Is there any good reasons not to separate what you work on into multiple GitHub accounts? Not to mention some people don't want all their projects attached to one profile, some people also develop in their free-time, and don't want to mix freetime/work projects under the same user account, for multiple reasons.
B if you ever be in a company using the half baked GitHub hosted enterprise….
You're presumably joking? If not, could you elaborate?
Tho I prefer to just use hardware key for ssh
That's only true when your machine is powered off. If an attacker manages to yank files from your disk while it is running, that ssh-key password is the difference between "they stole my ssh key" and "they stole worthless random data".
> use hardware key for ssh
That's the real solution. I don't understand why people still store ssh keys on disk when hardware keys are simple, easy, and significantly more secure.
This is not true at all though. What about when you are logged into your computer.
- using alternative host is not supported when roaming between local and cloud, fix is to add another origin you don’t use but use GitHub.com url
- CC uses gh command, which still needs account switch, this can be solved by add the switch to CC hook.
Never access personal accounts from a work computer or work accounts from a personal computer under any circumstances.
This goes for laptops, desktops, and especially cellphones.
If an employer asks that you violate the above, ask for a dedicated device owned by your employer to access a work account. If they refuse, that's a big red flag. "Oh just use your phone to check your email/slack" - 1. don't assume everyone has a cellphone and 2. if you want folks doing work on a device, pay for it.
Managing multiple personal accounts on computer A or multiple work accounts on computer B is totally fine.
As an aside, company general counsels might be shocked at how often their employees log in to slack/email/etc. from their personal cellphone: suddenly any and all company and customer intellectual property has a way to leave the network. And it's not even a "pull" from the employee as the other employees just "push" them messages.
Obviously it should be everywhere, for all tools needed to do your job, but it's especially clear for tech where nearly all large companies will also exert control over the device.
what does this address that includeIf does not?
[0] https://www.dvratil.cz/2015/12/git-trick-%23628-automaticall...