# Install github-keygen with Homebrew

Bootstrap GitHub SSH configuration. Version 1.401 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:github-keygen
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install github-keygen
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:github-keygen
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/github-keygen>
- **Version:** 1.401
- **Source summary:** Bootstrap GitHub SSH configuration
- **Homepage:** <https://github.com/dolmen/github-keygen>
- **Repository:** <https://github.com/dolmen/github-keygen>
- **Upstream docs:** <https://github.com/dolmen/github-keygen#readme>
- **License:** GPL-3.0-or-later
- **Source archive:** <https://github.com/dolmen/github-keygen/archive/refs/tags/v1.401.tar.gz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- github-keygen (cli)
- github-keygen (alias)

## Uses from macOS

- perl

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.401
- Local data: ok
- Upstream repository: https://github.com/dolmen/github-keygen
- Upstream latest detected: v1.401 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

github-keygen is a small Perl utility by Olivier Mengue for bootstrapping and maintaining OpenSSH configuration for GitHub. It creates a dedicated GitHub SSH key, writes a dedicated SSH config section, and installs GitHub host fingerprints in a separate known-hosts file.

### Project history

The repository history begins with an initial release in May 2011. Its author-maintained README frames the tool as a one-shot wizard rather than a long-running daemon or library: users clone it, run it for a GitHub account, inspect the generated SSH configuration, and can remove the tool afterward.

The changelog shows the project tracking practical SSH and GitHub changes over time: stronger cipher choices in the 1.020 series, OpenSSH roaming mitigation in 1.101, generated-config versioning in 1.200, GitHub key comparison in 1.300, larger and then Ed25519 default keys in later releases, and post-quantum key-exchange list updates in 1.401.

### Adoption history

Adoption appears niche and security-oriented. The tool serves users who want repeatable GitHub SSH setup, multiple GitHub accounts, per-machine keys, host aliases, strict host checking, and conservative handling of an existing SSH config.

### How it is used

Practitioners run github-keygen with a GitHub username to generate or update SSH files under ~/.ssh. The generated setup gives GitHub its own key, known_hosts file, public-key-only authentication, strict host checking, and account-specific host aliases for Git remotes.

The README emphasizes local auditability: the script is readable Perl, writes configuration files rather than a resident service, and can check GitHub public endpoints to verify registered keys unless the offline flag is used.

### Why package nerds care

Its package value is in codifying a careful SSH setup that many developers otherwise perform by hand. That makes it a tiny but opinionated tool for users who maintain several GitHub identities or machines and prefer generated config over checklist-driven setup.

### Timeline

- 2011: Initial release appears in the repository history.
- 2012: v1.000 begins the tagged release stream.
- 2016: v1.101 adds OpenSSH roaming vulnerability mitigation.
- 2022: v1.306 changes default key size and removes older GitHub host-key algorithms.
- 2025: v1.400 switches new keys to Ed25519 by default.

### Related projects

- github-keygen relates to OpenSSH, GitHub SSH authentication, Git for Windows, and GitHub's SSH key-management workflow.

### Sources

- <https://github.com/dolmen/github-keygen>
- <https://github.com/dolmen/github-keygen/commits/release>
- <https://github.com/dolmen/github-keygen/releases>


## Security Notes

broad file, network, media, or database tool signal.

- **Geiger risk:** blue / medium
- broad file, network, media, or database tool signal


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.ssh/config

## Credential files

- Unix: ~/.ssh/id_<github-account>@github
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** github-keygen
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Text processing packages](https://www.automicvault.com/pkg/text-processing-tools/) - Matched text, document, or structured-data processing metadata.
- [docker-credential-helper](https://www.automicvault.com/pkg/brew/docker-credential-helper/) - Shares av.db curated category or tags: authentication, cli, developer-tools.
- [oauth2l](https://www.automicvault.com/pkg/brew/oauth2l/) - Shares av.db curated category or tags: authentication, cli, developer-tools.
- [oauth2c](https://www.automicvault.com/pkg/brew/oauth2c/) - Shares av.db curated category or tags: authentication, cli, developer-tools.
- [qca](https://www.automicvault.com/pkg/brew/qca/) - Shares av.db curated category or tags: cli, developer-tools, security.
- [sarif-fmt](https://www.automicvault.com/pkg/brew/sarif-fmt/) - Shares av.db curated category or tags: cli, developer-tools, security.
- [sarif-tools](https://www.automicvault.com/pkg/brew/sarif-tools/) - Shares av.db curated category or tags: cli, developer-tools, security.
- [semgrep](https://www.automicvault.com/pkg/brew/semgrep/) - Shares av.db curated category or tags: cli, developer-tools, security.
- [aliae](https://www.automicvault.com/pkg/brew/aliae/) - Shares av.db curated category or tags: cli, configuration, developer-tools.
- [github-markdown-toc](https://www.automicvault.com/pkg/brew/github-markdown-toc/) - Package names and metadata indicate a similar tool family. Shared terms: cli, developer, developer-tools, github.
- [github-mcp-server](https://www.automicvault.com/pkg/brew/github-mcp-server/) - Package names and metadata indicate a similar tool family. Shared terms: cli, developer, developer-tools, github.
- [github-release](https://www.automicvault.com/pkg/brew/github-release/) - Package names and metadata indicate a similar tool family. Shared terms: cli, developer, developer-tools, github.

## Combined YAML source

View the package source record on GitHub. [combined/github-keygen.yml](https://github.com/automic-vault/db/blob/main/combined/github-keygen.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
