
Github Best Practices For Developers

The document is a GitHub Best Practices Guide for developers at Kellogg, detailing processes for onboarding, repository management, and mandatory security checks. It emphasizes the importance of secure handling of secrets, proper naming conventions, and the use of tools like Git and Visual Studio Code for effective collaboration. Additionally, it provides step-by-step instructions for common tasks such as cloning repositories and creating feature branches, along with guidelines to avoid security pitfalls.

Uploaded by

bemapih992

JULY 28, 2021

GITHUB BEST PRACTICES


GUIDE FOR DEVELOPERS

KELLOGG – GLOBAL DATA ANALYTICS & GOVERNANCE


Table of Contents
Revision History
GitHub standard Pull Request process workflow for developers
  Naming Conventions & Readme
Installing GitHub Client - Git
Clone remote repository using Git - GUI
Clone remote repository using Git - CLI
Using Visual Studio Code for GitHub
Creating new feature branch using GIT client
Mandatory Security Checks
  Never store unencrypted secrets in .git repositories
  Avoid git add * commands on git
  Add sensitive files in .gitignore
  Don’t rely on code reviews to discover secrets
  Use automated secrets scanning on repositories
  Don’t share your secrets unencrypted in messaging systems like Teams or Skype
  Store secrets safely
  Use encryption to store secrets within .git repositories
  Use local environment variables, when feasible
Mandatory Security Checks Next Generation Analytic Perspective (AWS Cloud)
  Anti-pattern: Hardcoding credentials
    Why is this bad?
    How to mitigate?
  No hardcoded credentials
    Use environment variables
    Use AWS profile
  What about the code running in Amazon EC2, AWS Lambda?
  Use "Secrets as a service" solutions
  Use short-lived secrets
  IMPORTANT
GitHub Onboarding Process
  Step 1
    Create New GitHub Handle
  Step 2
    Add Kellogg email to GitHub Account
    Adding Kellogg email
    Verify Kellogg email
  Step 3
    Digital Concierge Ticket
    Catalog request
    Join Kellogg GitHub
  Step 4
    Two factor authentications
    Recovery codes
    Authentication success
  Step 5
    Kellogg GitHub organization
  Step 6
    Profile Setup
  Step 7
    Generating Access Token
    Enabling Access Token
Known issues and how to fix them
SSL certificate issue
  Required SSL certificate
  Kellogg VDI users
  Kellogg Laptop users
Repository Cloning issue
  Kellogg Laptop user
  Kellogg VDI user
    For Windows OS user

Revision History
Version | Changed By | Change Date | Remarks
1.0 | Rijul Sahu | May 26, 2021 | Author
1.1 | Rijul Sahu | June 25, 2021 | 1. Added steps to fix SSL issues for Kellogg VDI and Kellogg laptop users; 2. Updated template [Link] link; 3. Added sample [Link] snapshots from template
1.2 | Rijul Sahu | July 28, 2021 | 1. Added steps to fix repository cloning issues via adding SSH key; 2. Removed highlighted note in Page 48; 3. Minor document formatting

GitHub standard Pull Request process workflow for developers
1. Follow Onboarding steps for getting Access to Kellogg Company Github account
2. Clone the repository into your local machine and go inside the folder
3. Create new feature branch in your local machine
4. Use the new branch for adding a new feature or making changes into existing
5. Add & commit in your local branch and push into remote
6. Pull request will be generated and can be seen by repository Maintainers and admins for Review
7. After Code review, Maintainer will 1st merge PR request into Development branch with proper comments
8. Automatically PR will be generated for Development branch
9. Final code review and merge into MAIN by Maintainers

Naming Conventions & Readme


• New feature branch names must follow the pattern FL-12345, where FL is the initials of the developer’s first name and last name and 12345 is the Plan id number of the project
• Project must contain a [Link] file which should contain a detailed description of the project.
• Sample [Link] file snapshot and link: [Link]
template-data-engineering/blob/main/[Link] (copy and paste the link into a browser to open it, as
the repository is private to kelloggcompany)

Installing GitHub Client - Git
1. Install GitHub client in your machine – [Link]
2. Choose as per your operating system – Linux / Windows / MacOS

3. Follow the simple Windows installation steps, or ask your IT support for help installing on a
different operating system. During installation, choose the text editor you want Git to use as
its default text editor.
4. This client gives option to use both
a. Command line interface
b. Graphical user interface

Clone remote repository using Git - GUI
1. Right click in any blank Folder or directory

2. Select Git GUI Here and click Clone Existing Repository

3. Copy the HTTPS link from GitHub repository

4. Paste Repo link in Source location and provide target directory location of your local

5. Done – your repo will be cloned in your local machine

Note: - Creating New repository - Developers are not required to do this step as the requested
repository will be created by GitHub admins and Team owners

Clone remote repository using Git - CLI


1. Open or create a directory into your local PC

2. Right click and select git bash

3. In shell type git clone [Link]

4. A successful clone will look like below, and you will also see the repository folder created on
your local machine:

5. Now you can go inside your cloned repository and make changes, add a new feature or fix a bug,
whichever you like
6. Next step is to push your changes into your branch

Using Visual Studio Code for GitHub


1. Open VS Code

2. Click on Source Control

3. Click on clone repository
4. Click on clone from GitHub and allow

5. On successful authentication you should be able to see “Kellogg company” repositories

6. Select your repository

7. Select the folder on your local machine into which you want to clone your repository

8. Cloning will start and will ask for a Personal Access Token

9. Provide the Personal Access Token which you have generated in Step 7 of GitHub Onboarding
process
10. After giving the correct Access Token, cloning will complete; then open your cloned repository

Creating new feature branch using GIT client


For creating a new feature branch in your local:

git branch FL-123

git checkout FL-123

git status

Make changes or add new files in this branch, then run git status again.

You can see all branches created by using:

git branch

Which will show:

* FL-123

main

For adding a new file or code to your local branch and committing it:

git add [Link]

git commit -m "new PR for FL-123"

Push changes from your commit into your branch:

git push origin FL-123

Delete a branch on your local filesystem:

git branch -d FL-123

To force the deletion of local branch on your filesystem:

git branch -D FL-123

Delete the branch on GitHub:

git push origin --delete FL-123

Note: Delete branch in GitHub remote will only work if you have merged your code into main/master,
otherwise you need to force delete into Local, but this will cause error while creating same branch name
next time into Local.

Mandatory Security Checks


Never store unencrypted secrets in .git repositories
• It is common to wrongly assume that private repositories are secure vaults that are safe places
to store secrets. Private repositories are not appropriate places to store secrets.
• Private repositories are high value targets for bad actors because it is common practice to store
secrets within them.
• In addition, .git is designed to sprawl. Repositories get cloned onto new machines, forked into
new projects and new developers regularly enter and exit a project with access to complete
history. Any secrets that exist within a private repository's history will exist in all new
repositories born from that source.
• If a secret enters a repository, private or public, then it should be considered compromised.

A secret in a private repo is like a password written on a $20 bill: you might trust the person you gave it
to, but that bill can end up in hundreds of people’s hands as a part of multiple transactions and within
multiple cash registers.

Avoid git add * commands on git
Using wildcard commands like git add * or git add . can easily capture files that should not enter a git
repository, including generated files, config files and temporary source code.

Add each file by name when making a commit and use git status to list tracked and untracked files.

“Remember that each file in your working directory can be in one of two states: tracked or untracked.

Tracked files are files that were in the last snapshot; they can be unmodified, modified, or staged. In
short, tracked files are files that Git knows about. Untracked files are everything else.”

Advantages

• Complete control and visibility over what files are committed


• Reduces the risk of unwanted files entering source control
• Requires thought and consideration when adding files

Disadvantages

• Takes additional time when making a commit


• Can mistakenly miss files when committing

Tip: Committing early and committing often will not only help navigate file history and break up
otherwise large tasks, in addition it will reduce the temptation to use wildcard commands.

Add sensitive files in .gitignore


To prevent sensitive files from ending up within git repositories, a comprehensive .gitignore file should be
included with all repositories. It should cover:

• Files with environment variables like .env or configuration files like .zshrc or .config
• Files generated by another process (such as application logs or checkpoints, unit tests / coverage
reports)
• Files containing “real” data (other than test data) like database extracts

GitHub published a collection of useful .gitignore templates here

Don’t rely on code reviews to discover secrets


It is extremely important to understand that code reviews will not always detect secrets, especially if
they are hidden in previous versions of code. Code reviews are not adequate protection because
reviewers are only concerned with the difference between the current and proposed states of the
code; they do not consider the entire history of the project.

If secrets are committed into a development branch and later removed, these secrets won’t be visible or
of importance to the reviewer. The nature of git means that if a secret gets overlooked in history it is
compromised forever, as anyone with access to the repository can find this secret in previous revisions of
the codebase.

Note: As a rule, automation should be implemented wherever predefined rules can be established, like
secrets detection. Human reviews should be left to check code for errors that cannot be easily
predefined, such as logic.

Use automated secrets scanning on repositories


Even when all best practices are followed, mistakes are common. When dealing with highly sensitive
data, no chances should be taken.

Secrets scanning provides essential visibility over your internal systems.

It is important to also consider that even the best secrets management systems and policies do not
prevent newly generated secrets entering the code base or old secrets being extracted and included
again.

Advantages

• Difficult to circumvent and ignore compared to tools that need to be manually run
• Much faster and more accurate than relying on human checking
• Can detect secrets buried within logs and history that manual reviews and searches will not
uncover
• Live scanning ensures all active data leaks are captured
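
The difference between what a reviewer sees (only the proposed diff) and what an automated scan sees (every revision) can be shown on git log -p output. The following is an added example, not part of the original guide: the rule set, the function names and the sample log are constructed for illustration, and the key values are the placeholder keys used in AWS documentation.

```javascript
// Added example: find secrets in `git log -p` output, including ones a later commit removed.
// The rules below are a small illustrative set (assumption), not a complete scanner.
const SECRET_PATTERNS = [
  { name: "AWS access key ID", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/ },
  { name: "AWS secret access key", re: /secret_access_key\s*[=:]\s*["']?[A-Za-z0-9\/+=]{40}/i },
  { name: "GitHub personal access token", re: /\bghp_[A-Za-z0-9]{36}\b/ },
  { name: "Private key block", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
];

// Never echo a full secret into scan output or CI logs.
function redact(s) {
  return s.slice(0, 4) + "*".repeat(Math.max(0, s.length - 4));
}

// Parses `git log -p` text (newest commit first) and returns one finding per added secret.
function scanGitLog(logText) {
  const findings = [];
  const removedIn = new Map(); // matched text -> newest commit that deleted it
  let commit = null, file = null, lineNo = 0, inHunk = false;
  for (const line of logText.split(/\r?\n/)) {
    let m;
    if ((m = /^commit ([0-9a-f]{7,40})\b/.exec(line))) {
      commit = m[1]; file = null; inHunk = false; continue;
    }
    if (line.startsWith("diff --git ")) { inHunk = false; continue; }
    if (!inHunk && (m = /^\+\+\+ (?:b\/)?(.+)$/.exec(line))) { file = m[1]; continue; }
    if ((m = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/.exec(line))) {
      lineNo = Number(m[1]); inHunk = true; continue;
    }
    if (!inHunk) continue; // commit message and diff headers are not file content
    const tag = line[0];
    const text = line.slice(1);
    if (tag === "+" || tag === "-") {
      for (const { name, re } of SECRET_PATTERNS) {
        const hit = re.exec(text);
        if (!hit) continue;
        if (tag === "-") {
          // A deletion hides the secret from the tip, not from history.
          if (!removedIn.has(hit[0])) removedIn.set(hit[0], commit);
        } else {
          findings.push({
            commit, file, line: lineNo, rule: name,
            preview: redact(hit[0]),
            removedIn: removedIn.get(hit[0]) || null,
          });
        }
      }
    }
    if (tag === "+" || tag === " ") lineNo++; // only lines present in the new file advance
  }
  return findings;
}

// Constructed sample: commit 1111... adds hardcoded keys, commit 2222... removes them.
const SAMPLE_GIT_LOG = `
commit 2222222222222222222222222222222222222222
Author: Dev Two <dev2@example.com>
Date:   Tue Jul 27 10:00:00 2021 +0000

    Read AWS credentials from environment variables

diff --git a/config.js b/config.js
index 1111111..2222222 100644
--- a/config.js
+++ b/config.js
@@ -1,4 +1,4 @@
 const creds = {
-  access_key_id: "AKIAIOSFODNN7EXAMPLE",
-  secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+  access_key_id: process.env.AWS_ACCESS_KEY_ID,
+  secret_access_key: process.env.AWS_SECRET_ACCESS_KEY,
 };

commit 1111111111111111111111111111111111111111
Author: Dev One <dev1@example.com>
Date:   Mon Jul 26 09:00:00 2021 +0000

    Add storage client config

diff --git a/config.js b/config.js
new file mode 100644
index 0000000..1111111
--- /dev/null
+++ b/config.js
@@ -0,0 +1,4 @@
+const creds = {
+  access_key_id: "AKIAIOSFODNN7EXAMPLE",
+  secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
+};
`;

for (const f of scanGitLog(SAMPLE_GIT_LOG)) {
  const state = f.removedIn
    ? `removed in ${f.removedIn.slice(0, 7)} but still in history`
    : "still present";
  console.log(`${f.rule}: ${f.file}:${f.line} added in ${f.commit.slice(0, 7)} (${state})`);
}
```

Scanning only the newest commit of the sample reports nothing, which is the reviewer's view; scanning the full log reports both keys, and each must be treated as compromised and rotated.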

Don’t share your secrets unencrypted in messaging systems like Teams or Skype
A common secret sprawl enabler is sending secrets in plain text over messaging services. While these
systems are intended to keep messages secure, they are not intended to hold sensitive information such
as secrets.

These systems are high value targets for attackers: it only takes one compromised email or MS Teams
account to uncover a trove of sensitive information. If secrets are being sent over internal systems, it
also becomes possible for bad actors to move laterally between services by using secrets to find secrets.

Store secrets safely


There is no silver bullet solution for secrets management. Different factors such as project size, team
geography and project scope must be considered, and multiple solutions may need to coexist. Carefully
consider each option, not just to meet your current needs, but also considering how each solution will
scale with the growth of your project.

Use encryption to store secrets within .git repositories


Encrypting your secrets using common tools such as git secret and storing them within a git repository
can be beneficial when working in teams as it keeps secrets synced. This does however introduce a new
issue to consider because you now need to handle additional security keys to encrypt and decrypt
secrets. These keys also need to be stored and securely shared which might make it seem like a never-
ending problem!

Advantages

• Your secrets are synced

Disadvantages

• You must deal with your encryption keys securely


• No audit logs (who accessed which secret and when)
• No role-based access control (RBAC)
• Hard to rotate access. Rotating access means revoking the key and redistributing it. The
distribution part is not easy to handle with git repositories when dealing with multiple
developers

Use local environment variables, when feasible


An environment variable is a dynamic object whose value is set outside of the application. This makes
them easier to rotate without having to make changes within the application itself. It also removes the
need to have these written within source code, making them more appropriate to handle sensitive data.

Advantages

• They are easy to change between deployed versions without changing any code
• They are less likely to be checked into the repository
• Simple and clean
Disadvantages

• This approach may not be feasible at scale when working in teams because there is no way to
easily keep developers, applications and/or infrastructure in sync

Mandatory Security Checks Next Generation Analytic Perspective (AWS Cloud)

To keep our AWS account secure, it's important for us to understand the AWS shared responsibility
model.

In a nutshell, it states that AWS is responsible for the security of the cloud and we, the customers, are
responsible for the security in the cloud. Simply put, for developers it means that we should take special
care of our AWS credentials like Access key ID and Secret Access Key.

Anti-pattern: Hardcoding credentials


This is an anti-pattern and must be avoided at all costs. If your code looks like the following, then you
must act now:

const AWS = require("aws-sdk");

// Anti-pattern: credentials hardcoded in source code
[Link]({
  credentials: {
    access_key_id: "<your-access-key-id>",
    secret_access_key: "<your-secret-access-key>"
  }
})

Why is this bad?


As a developer, you are most likely to commit this code in some repository like a private GitHub repo or
your team repository such as Bitbucket or AWS Code Commit. Besides running the risk of using an
anti-pattern, you don't want someone to access your hard-coded keys, because it will allow them to
access/manage all the resources that these credentials provide access to. If the IAM policy attached to
the user whose credentials you are using looks like the following, it means that you have handed over
the keys to your AWS kingdom to anybody who has access to your code:

{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "*",
    "Resource": "*"
  }
}
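
A policy document can be checked for this kind of over-broad grant before it is attached. The following is an added example, not part of the original guide: the function name, severity labels and the bucket name example-bucket are assumptions made for illustration, and the checks are a small subset of what a full policy analyzer covers.

```javascript
// Added example: flag over-broad Allow statements in an IAM policy document.
// IAM accepts a single value or an array for Statement, Action and Resource.
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Object-level S3 actions; they only match object ARNs (bucket/key), not bucket ARNs.
const S3_OBJECT_ACTIONS = new Set(["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]);

function lintPolicy(policy) {
  const issues = [];
  asArray(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== "Allow") return; // Deny statements only narrow access
    const id = stmt.Sid || `Statement[${i}]`;
    const actions = asArray(stmt.Action);
    const resources = asArray(stmt.Resource);
    const add = (severity, message) => issues.push({ id, severity, message });

    const anyAction = actions.includes("*");
    const anyResource = resources.includes("*");
    if (anyAction && anyResource) {
      add("critical", 'Action "*" on Resource "*" grants full access to the account');
    } else if (anyAction) {
      add("high", 'Action "*" allows every API call on the listed resources');
    } else if (anyResource) {
      add("medium", 'Resource "*" applies the listed actions to every resource');
    }

    for (const action of actions) {
      if (/^[A-Za-z0-9-]+:\*$/.test(action)) {
        add("high", `${action} allows every action of that service`);
      }
    }
    if (stmt.NotAction !== undefined) {
      add("high", "Allow with NotAction permits everything except the listed actions");
    }

    // A statement with object actions but only bare bucket ARNs matches no object at all,
    // which usually ends with someone "fixing" it by widening the resource to "*".
    const objectCapable = resources.some((r) => r.includes("/") || r.includes("*"));
    if (actions.some((a) => S3_OBJECT_ACTIONS.has(a)) && !objectCapable) {
      add("medium", "Object-level S3 actions need an object ARN such as arn:aws:s3:::bucket/*");
    }
  });
  return issues;
}

// The over-permissive policy shown above.
const ADMIN_POLICY = {
  Version: "2012-10-17",
  Statement: { Effect: "Allow", Action: "*", Resource: "*" },
};

// Constructed sample of a policy scoped to one bucket (bucket name is a placeholder).
const SCOPED_POLICY = {
  Version: "2012-10-17",
  Statement: [
    {
      Sid: "ListYourObjects",
      Effect: "Allow",
      Action: "s3:ListBucket",
      Resource: ["arn:aws:s3:::example-bucket"],
    },
    {
      Sid: "ReadWriteDeleteYourObjects",
      Effect: "Allow",
      Action: ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      Resource: ["arn:aws:s3:::example-bucket/*"],
    },
  ],
};

for (const [label, policy] of [["admin", ADMIN_POLICY], ["scoped", SCOPED_POLICY]]) {
  const issues = lintPolicy(policy);
  console.log(`${label}: ${issues.length} issue(s)`);
  for (const issue of issues) console.log(`  [${issue.severity}] ${issue.id}: ${issue.message}`);
}
```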

How to mitigate?
If you think that you can't make changes to your code, then you must modify the IAM policy attached to
that role or move them to an IAM group with restrictive privileges e.g. IAM policy that grants least
privileges to only a given Amazon S3 bucket:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListYourObjects",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": ["arn:aws:s[Link]ucket-name"]
    },
    {
      "Sid": "ReadWriteDeleteYourObjects",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": ["arn:aws:s[Link]ucket-name"]
    }
  ]
}

No hardcoded credentials
With that anti-pattern out of the way, you may take one of the following approaches to use your AWS
credentials.

Use environment variables


$ export AWS_ACCESS_KEY_ID="<your-access-key-id>"
$ export AWS_SECRET_ACCESS_KEY="<your-secret-access-key>"

Then read these environment variables in your app instead of writing the values into the code.

Use AWS profile
You can use AWS named profiles to store more than one credential. You can inspect the following two
files:

• ~/.aws/credentials contains aws_access_key_id and aws_secret_access_key


• ~/.aws/config contains region and output

The default ~/.aws/credentials file looks like the following. Kellogg uses single sign on for login, so
this will not be required, but it is still useful to know:

[default]

aws_access_key_id = "<your-access-key-id>"

aws_secret_access_key = "<your-secret-access-key>"

[personal]

aws_access_key_id = "<your-access-key-id>"

aws_secret_access_key = "<your-secret-access-key>"

~/.aws/config file looks like the following:


[default]

region = us-west-2

output=json

[profile personal]

region = us-west-2

output = json

What about the code running in Amazon EC2, AWS Lambda?


Only 3 words : "Use IAM roles".
If you have your code running in a Docker container on an Amazon EC2 instance, then understand that
every single process on the system has access to IAM roles and your container will assume that role
without you having to specify it.

Use "Secrets as a service" solutions


Secrets management systems such as AWS Key Management Service are encrypted systems that can
safely store your secrets and tightly control access. Vaults and other managed secrets solutions are not
appropriate in all cases because they are complicated to set up and need to be well maintained. Both
take a considerable investment of resources.

Advantages

• It prevents secrets from sprawling


• It provides audit logs

Disadvantages

• As they introduce a single point of failure, they must be hosted on a highly available and secure
infrastructure
• All the codebase must be changed to integrate with them
• Keys giving access to the system must be carefully protected

Use short-lived secrets


It is common for APIs to provide long-lasting access tokens. These tokens could last indefinitely.
While this is convenient for developers, it means that a secret poses the same security risks for its
entire life, which increases the chances of it being used in an attack. Short lived secrets prevent historic
data leaks that were not detected from still being a threat, and mean that if an attacker discovers a
secret, their access will still be cut off even if the breach is not discovered.

It is also good practice to make sure you revoke and redistribute all APIs often, particularly if it is not
possible to introduce validity period on APIs.

Imagine you own a company with hundreds of employees that all have keys to your office, keys will
inevitably get lost, employees will leave the company, new keys will get cut and you will soon lose
visibility over where each key is. It would be widely considered good practice to change the locks from
time to time.

Advantages

• Enforces good secret hygiene


• Reduces the risk of long-term threats
Disadvantages

• Requires an active secrets management strategy

IMPORTANT
Managing and storing secrets is a challenge that requires vigilance from even the most
experienced developer, who needs to carefully consider how they are using, storing, sharing and
distributing secrets. Unfortunately, there is no perfect checklist that a developer can follow, and
policies, tools and strategies will differ between projects, but it is crucial for developers to understand
the consequences of policies so that secrets management can be an informed, active strategy throughout
the entire development process.

GitHub Onboarding Process
• STEP 1: Sign in / up for GitHub account
• STEP 2: Add and verify Kellogg email to GitHub account
• STEP 3: Submit a ServiceNow Ticket to get added to GitHub Enterprise Active Directory Group
• STEP 4: Enable Two Factor Authentication
• STEP 5: Set up Teams and Repositories
• STEP 6: GitHub profile setup
• STEP 7: Generating and enabling Access Token for working in development environment

Step 1
Create New GitHub Handle
(If you don’t have one already)

Step 2
Add Kellogg email to GitHub Account
(if your GitHub Account is created with a personal email id)

Adding Kellogg email

Verify Kellogg email

Step 3
Digital Concierge Ticket
For adding your network id to GitHub Enterprise Active directory group

Catalog request

Join Kellogg GitHub

Step 4
Two factor authentications

Recovery codes

Authentication success

Step 5
Kellogg GitHub organization

Step 6
Profile Setup

1. Profile
Go to your profile image on the far upper right-hand corner. Click on “Your profile” under your profile.

2. Name
Important: Give an appropriate Name to your profile as this will be visible to the entire organization. Ex:
First name Last name

3. Company Info
Important: Mention your company name. This will help everyone to identify which organization you
belong to.

4. Profile Picture
Optional: if you want to add your profile picture you can add that by clicking the edit button on the
blank profile pic.

5. Appearance
Optional: If you want you can change Theme, however you want your GitHub profile to look, Dark
theme or light theme.

6. Other details
Fill your other required details like email visibility, backup email address, notifications setup etc.

Step 7
Generating Access Token

1. Developer settings
Once inside your profile page, click on the developer settings tab from the left side menu.

2. Access Token
Click on the personal access tokens tab.

3. Generate new token
Click on Generate new token; this will help you to push and publish your code into GitHub
repositories. Note that it will ask you to provide your password to proceed.

4. Token name
Give an appropriate token name and check all selection boxes. Finally, click on generate token at the
bottom.

5. Copy access token
Important: please copy this access token for your future code base using GitHub API.

Enabling Access Token

1. Enable SSO
Click on Enable SSO button and then click on authorize.

2. SSO authorize
Click on Continue, it will redirect to Kellogg’s active directory user credentials.

3. Give credentials
If asked, give your Kellogg network credentials and click continue.

4. Successful
After successful SSO enablement the access token will be activated.

Known issues and how to fix them

SSL certificate issue


Required SSL certificate

[Link]
Right click copy and paste into your local

Kellogg VDI users


1. Zscaler client installation
a. Login to the VDI - Zscaler will install during the login process for these users.
b. While it is not a long installation process, it currently requires the user to click ‘Run’
when prompted.
c. The users may also need to login to Zscaler before it works as intended. They can login
by accessing the Zscaler icon in the System Tray.
2. Proxy and SSL Certificate Update
a. Add Proxy details to Git Bash to make it Proxy aware
b. Execute the following command in Git Bash
i. git config --global --add [Link] "[Link]:9000"
c. Execute the following command to ensure the proxy is listed in the config
i. git config -l

d. In the git config command output, check the value of the “[Link]” parameter.
This will be the path of the SSL Certificate location ( C:/Program
Files/Git/mingw64/ssl/certs/)
i. Open “[Link]” in a text editor
ii. Open the “[Link]” shared with this document
in some text editor
iii. Copy and paste the content of “[Link]” to the
end of “[Link]”
iv. If you try to save the “[Link]”, you may get an error message due to
permission
v. Save-as the updated “[Link]” to “Documents” folder
vi. Copy the “[Link]” from the “Documents” folder and paste it over the one in your Git SSL
Certificate location like ( C:/Program Files/Git/mingw64/ssl/certs/).
vii. You may get a message as shown below. Click continue, and the updated ca-
[Link] will be copied to this location

3. Open Git Bash again and try to Fetch or Clone any repository to ensure there are no SSL cert
issues

Kellogg Laptop users


1. Proxy and SSL Certificate Update
a. Add Proxy details to Git Bash to make it Proxy aware
b. Execute the following command in Git Bash
i. git config --global --add [Link] "[Link]:9000"
c. Execute the following command to ensure the proxy is listed in the config
i. git config -l

d. In the git config command output, check the value of the “[Link]” parameter.
This will be the path of the SSL Certificate location (C:/Program Files/Git/mingw64/ssl/certs/)
i. Open “[Link]” in a text editor
ii. Open the “[Link]” shared with this document
in a text editor
iii. Copy and paste the content of “[Link]” to the
end of “[Link]”
iv. If you try to save “[Link]”, you may get an error message due to
permissions
v. Save the updated “[Link]” to the “Documents” folder using Save As
vi. Copy the “[Link]” from the “Documents” folder and paste it into your Git SSL
Certificate location (e.g. C:/Program Files/Git/mingw64/ssl/certs/), replacing the existing file.
vii. You may get a message as shown below. Click continue, and the updated ca-[Link] will be copied to this location

2. Open Git Bash again and try to Fetch or Clone any repository to ensure there are no SSL cert
issues

Note:-

• You may or may not need admin privileges to perform the SSL steps above.
• If you are repeatedly asked for admin access, get help from laptop support to perform the
steps (specifically the copy-and-paste step).
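
The copy-and-paste in step d of both procedures above can be scripted so that the certificate file is checked before it is trusted and is never appended twice. This is an added example, not part of the original guide; the file names in its usage comment are placeholders, and `show_cert` assumes `openssl` is available in Git Bash.

```shell
#!/usr/bin/env bash
# Added example, not from the guide. File names are placeholders.
BEGIN_MARK='-----BEGIN CERTIFICATE-----'
END_MARK='-----END CERTIFICATE-----'

# Base64 body of the PEM block in FILE as one line, with CR/LF removed.
cert_body() {
    tr -d '\r' < "$1" | sed -n "/$BEGIN_MARK/,/$END_MARK/p" \
        | grep -v -- '-----' | tr -d '\n'
}

# Succeeds only if FILE holds exactly one PEM block with a clean base64 body.
is_single_pem_cert() {
    [ -r "$1" ] || return 1
    [ "$(grep -c -- "$BEGIN_MARK" "$1")" = 1 ] || return 1
    [ "$(grep -c -- "$END_MARK" "$1")" = 1 ] || return 1
    case $(cert_body "$1") in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac
}

# Print subject, expiry and SHA-256 fingerprint for comparison with the values
# given by whoever issued the certificate (assumes openssl is installed).
show_cert() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# append_cert BUNDLE CERT OUT: write BUNDLE plus CERT to OUT, appending once only.
# Prints "appended" or "already present"; returns 2 if CERT is not one PEM block.
append_cert() {
    bundle=$1; cert=$2; out=$3
    is_single_pem_cert "$cert" || { echo "rejected: $cert" >&2; return 2; }
    cp "$bundle" "$out.tmp" || return 1
    # Compare with line breaks stripped so re-wrapped or CRLF copies still match.
    if tr -d '\r\n' < "$out.tmp" | grep -qF -- "$(cert_body "$cert")"; then
        mv "$out.tmp" "$out"; echo "already present"; return 0
    fi
    # Start the new block on its own line even if the bundle lacks a final newline.
    [ -z "$(tail -c 1 "$out.tmp")" ] || echo >> "$out.tmp"
    tr -d '\r' < "$cert" | sed -n "/$BEGIN_MARK/,/$END_MARK/p" >> "$out.tmp"
    mv "$out.tmp" "$out"; echo "appended"
}

# Usage (placeholders): show_cert corp-root.pem
#   append_cert "<git-ssl-certs-dir>/<bundle>" corp-root.pem "$HOME/Documents/<bundle>"
```

Writing the merged file to a user-owned folder mirrors steps v and vi: the original bundle stays untouched until the result has been reviewed and copied over it.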

Repository Cloning issue
While cloning any kelloggcompany repository, if your command prompt is stuck for a long time or cloning is not happening, check the steps below for resolution.

Kellogg Laptop user


This issue has not been seen so far for users on Kellogg laptops, but if you are still facing a
repo cloning issue, try the steps for Kellogg VDI users below.

Kellogg VDI user


For Windows OS user
1. Open Git Bash.

2. Paste the text below, substituting in your GitHub email address.

ssh-keygen -t ed25519 -C "your_email@[Link]"

This creates a new ssh key, using the provided email as a label.

> Generating public/private ed25519 key pair.


Note: If you are using a legacy system that doesn't support the Ed25519 algorithm, use:

ssh-keygen -t rsa -b 4096 -C "your_email@[Link]"

3. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the
default file location.

> Enter a file in which to save the key (/c/Users/you/.ssh/id_ed25519):[Press enter]

4. At the prompt, type a secure passphrase. (Press Enter to not enter any password/passphrase.)

> Enter passphrase (empty for no passphrase): [press enter to not enter any
password/passphrase]

> Enter same passphrase again: [press enter to not enter any password/passphrase]

Note: If you set a passphrase/password, remember it, as it cannot be recovered if you forget it.
A key saved without a passphrase is stored unencrypted on disk.

5. Ensure the ssh-agent is running by starting it manually:

eval "$(ssh-agent -s)"
> # This starts the ssh-agent in the background with some Agent pid, e.g. 59566

6. Add your SSH private key to the ssh-agent. If you created your key with a different name, or if
you are adding an existing key that has a different name, replace id_ed25519 in the command
with the name of your private key file.

ssh-add ~/.ssh/id_ed25519

7. Add the SSH key to your account on GitHub, your key must be present in

8. Copy the SSH public key to your clipboard.
If your SSH public key file has a different name than the example code, modify the filename to
match your current setup. When copying your key, don't add any newlines or whitespace.

clip < ~/.ssh/id_ed25519.pub

# This copies the contents of the id_ed25519.pub file to your clipboard

Note: If clip isn't working, you can locate the hidden .ssh folder, open the file in your favorite
text editor, and copy it to your clipboard.

9. In the upper-right corner of any page, click your profile photo, then click Settings.

10. In the user settings sidebar, click SSH and GPG keys.

11. Click New SSH key or Add SSH key.

12. In the "Title" field, add a descriptive label for the new key. For example, if you're using a Kellogg
Mac, you might call this key "kellogg MacBook Air".

13. Paste your copied / clipped key into the "Key" field.

14. Click Add SSH key.

15. If prompted, confirm your GitHub password.

16. Next to the SSH key you'd like to authorize, click Enable SSO or Disable SSO.

17. Click Authorize.

18. When asked to authorize for SSO, click Continue.

19. Once you have authorized SSO for your SSH key, try cloning the repo again using the
SSH URL.

20. To clone with the copied SSH URL, type git@[Link]:kelloggcompany/[Link]

21. References: Generating a new SSH key, Adding your SSH key to the ssh-agent,
[Link]
ssh/adding-a-new-ssh-key-to-your-github-account, Authorizing an SSH key for use with SAML
single sign-on
