Homebrew installation requests to use the confidential keychain information. Should I allow it to do so

githomebrewkeychain

I was installing Homebrew on my MacBook Pro (as per the instructions on this page), when the following message popped up:

git-credential-osxkeychain wants to use your confidential information stored in "github.com" in your keychain.
The authenticity of "git-credential-osxkeychain" cannot be verified. Do you want to allow access to this item?
Always Allow | Deny | Allow

The message that popped up while installing Homebrew

  1. Is it normal for this message to appear while installing Homebrew? Why does it need to use my keychain? What is it going to do with it?

  2. Do I have to click 'Allow' for the installation to complete successfully? What will happen if I don't?

  3. If the answer to the previous question is that I have to click 'Allow', what risks do I run doing so? Is there anything I can do to reduce the risks?

macOS Sierra version 10.12.4

Best Answer

My answer to question 2 ("Do I have to click 'Allow' for the installation to complete successfully? What will happen if I don't?") is - click "deny" and see what happens. The worst that could happen is that you'll have to reinstall Homebrew.

A wee bit of context from my experience in installing Homebrew: when I installed brew I didn't get this pop-up. However, after installing brew I set up a launchd job to brew update once an hour, and I ran into a daily limit which prevented hourly updates. Brew advised me the solution to this was to (a) create an account at Github, and (b) generate a token for brew. My assumption is that you already have an account at Github, and that brew install is checking your keychain for a token. In my experience it's not needed for install, and you can generate a token later if you need one.

Related Question