you don't have to mess with ~/.ssh/config

Just put this in your ~/.gitconfig (or ~/.config/git/personal as in the article)

  [core]
      sshCommand = /usr/bin/ssh -o IdentitiesOnly=yes -i ~/.ssh/IdentityFile2 -a

This makes submodules easy without the `insteadOf`

I really liked the website, the layout, typography, icons etc. Really well done!

The includeIf stuff is pretty neat. I currently keep the SSH complexity in ~/.ssh, where I have several includes, one for each customer|project|identity. Things without unique hostnames, like github, get an alias assigned:

    Host customer-github
     Hostname github.com
     IdentityFile ~/.ssh/customer_rsa
     User git

All I have to do is use the alias in any git clone command and I'm done.

So glad I clicked on this link. I was already doing the `includeIf: "gitdir"` thing to separate work and personal stuff, but `hasconfig:remote` is a total game-changer.

I use `insteadOf` instead of ssh alias because my workplace use GitLab orgs. So instead of typing the full URL like:

  git clone gitlab.com/acme-corp/project-name

I could use:

  git clone work:project-name

But this kinda broke `includeIf` since it store the `insteadOf` remote url directly. I then had to convert existing repositories to use the `insteadOf` url.

I wrote a little bit about it here: https://bentinata.com/log/git-insteadof-includeif

Is there a risk with not using different keys for work and personal?

The private bits are all in the same place: if one is compromised, so are the rest.

I do something similar, but instead of `insteadOf`, I just clone the repo with `gh-work:org/repo`, and in the git config:

    [includeIf "hasconfig:remote.*.url:gh-work:**/**"]
        path = ~/.gitconfig.d/gh-work.inc

So, any git repo cloned with the ssh identity defined under `gh-work` will take on the config of `gh-work.inc`, which includes the git identity, and also the same signing key as in the ssh config.

Essentially, the name `gh-work` becomes the distinguishing element in both my ssh identity and my git identity, and I find this easier to think about.

Shameless plug for a tool I developed in order to easily switch git identities based on projects: https://github.com/cquintana92/git-switch-user

After configuring the identities you just need to run

    $ git su Personal
    $ git su Work

And all the identity configuration (email, name, SSH key and optionally PGP key) will be set up into the repo's .git/config file.

Saved me a ton of time.

This post is a great reference of what’s possible with git config wrt includes/remotes, and I’m sure I’ll be getting back to it.

One thing though: what’s the point of using separate keys for work/personal/github/gitlab? I fail to see a practical and security advantage over using one key (per workstation).

As cool as this is, how many peoples' employers allow them to do either personal work from the work computers, or work work from their personal computers? My company is quite strict on both.

I've been using `includeIf` with directory for ages (https://www.bobek.cz/til/git-identities/), the `hasconfig:remote` is really neat. And it also works when cloning the repository.

This is a nice trick. But if you:

* use a dedicated work machine and

* also want to version control your dotfiles (including ~/.config/git/) and

* don't want to leak your work repository organisation via your dotfiles,

you can instead add something like

    [include]
        path = work.gitconfig

which will override any settings above it and also fail gracefully/silently if work.gitconfig does not exist.

user.useconfigonly=true can also help

I hated configuring multiple Hosts/aliases in my ~/.ssh/config for Github/Bitbucket when dealing with different keys for different clients.

I ended up creating a "SSH environment" manager 4 years ago to help with this: https://github.com/theonejb/sshenv

It's worked wonderfully for me since then, and it's something I use almost daily.

Thank you for this! I have exactly the same problem and was waiting for the solution to present itself, which it now has.

Aside: I use NixOS with home-manager (on linux and mac), which makes this trivial [1]. Added the following lines to my home-manager config:

  programs.git = {
    enable = true;
    ...
    includes = [
      {
        condition = "hasconfig:remote.*.url:[email protected]:<work>/**";
        contents = {
          user.email = "<work email>";
        };
      }
    ];
  }

[1]: https://nix-community.github.io/home-manager/options.xhtml#o...

Why have multiple git identities in the same machine? I use a single different key with each machine and that's it.

> Note: I've had this post drafted for 3 YEARS!!! It's finally time to publish it.

I suddenly felt a deep connection with the author. It is not only me.

I promise you, my dear drafts, that one day, I will set you free to see the world!

One even-better approach IMHO

Just keep a .gitconfig in your HOME with aliases for your identities. Then just after initializing/cloning the repo do git config-company or git config-personal

    er453r@r7:~$ cat ~/.gitconfig 
    [user]
        useConfigOnly = true
    [alias]
        config-personal = !echo CONFIG-PERSONAL && \
            git config --local user.email '[email protected]' && \
            git config --local user.name 'personal' && \
            git config --local core.sshCommand 'ssh -i ~/.ssh/id_rsa_personal'
        config-company = !echo OLD CONFIG-COMPANY && \
            git config --local user.email '[email protected]' && \
            git config --local user.name 'Name Surname' && \
            git config --local core.sshCommand 'ssh -i ~/.ssh/id_rsa_company'

I love that Rek drew the image on your about page. I knew I recognized their work as soon as I saw it.