How to fix git-credential-osxkeychain: git wants to access credentials. Allow? in Git

The simplest solution is to properly authorize the credential helper:

1. When the Keychain prompt appears, click "Always Allow" (not just "Allow")
2. Enter your macOS login password (the password you use to log into your Mac, NOT your Git/GitHub password)
3. Try another Git operation to verify the prompt doesn't reappear

Important: You must enter your Mac's login password, not your GitHub password or Personal Access Token. This authorizes the git-credential-osxkeychain binary to access credentials stored in your Keychain.

If the prompt keeps reappearing despite clicking "Always Allow", proceed to the next steps.

First, identify where your active git-credential-osxkeychain binary is located:

# Find git-credential-osxkeychain in your PATH
which git-credential-osxkeychain

# If using Homebrew-installed Git, check the Cellar
find /usr/local/Cellar/git -name git-credential-osxkeychain 2>/dev/null
find /opt/homebrew/Cellar/git -name git-credential-osxkeychain 2>/dev/null

# Check Apple's Xcode Command Line Tools location
ls -la /usr/bin/git-credential-osxkeychain

Common locations include:
- Homebrew (Intel Mac): /usr/local/Cellar/git/<version>/bin/git-credential-osxkeychain
- Homebrew (Apple Silicon): /opt/homebrew/Cellar/git/<version>/bin/git-credential-osxkeychain
- Xcode CLI Tools: /Library/Developer/CommandLineTools/usr/libexec/git-core/git-credential-osxkeychain
- Symlinked: /usr/local/bin/git-credential-osxkeychain

Note down the full path - you'll need it in the next step.

Add the correct git-credential-osxkeychain binary to your Keychain entry's access list:

1. Open Keychain Access (Spotlight search or Applications > Utilities > Keychain Access)
2. In the left sidebar, select the login keychain
3. In the search box, type github.com
4. Find the Internet password entry for github.com (not application passwords)
5. Double-click the entry to open its details
6. Click the Access Control tab
7. Under "Always allow access by these applications:", click the + button
8. Press Cmd+Shift+G to open the "Go to folder" dialog
9. Paste the path you found earlier (e.g., /opt/homebrew/Cellar/git/2.43.0/bin/git-credential-osxkeychain)
10. Click Go, select the binary, then click Add
11. Click Save Changes and enter your macOS login password when prompted

Now run a Git operation - the prompt should no longer appear.

If updating access control doesn't work, delete the credential and let Git recreate it:

Via command line:

# Erase the stored credential
git credential-osxkeychain erase
host=github.com
protocol=https
# Press Enter twice (leave blank lines)

Via Keychain Access:
1. Open Keychain Access
2. Search for github.com
3. Right-click the Internet password entry
4. Select Delete
5. Confirm deletion

Recreate the credential:

# Ensure osxkeychain helper is configured
git config --global credential.helper osxkeychain

# Run any Git operation that requires authentication
git fetch origin
# Enter your username when prompted
# Enter your Personal Access Token as the password

When prompted by Keychain, click Always Allow to authorize git-credential-osxkeychain.

To prevent this issue from recurring after future Git upgrades, create a symlink in a stable location:

# Remove any existing symlink
sudo rm -f /usr/local/bin/git-credential-osxkeychain

# Create symlink to the current binary
# For Homebrew on Apple Silicon:
sudo ln -s /opt/homebrew/bin/git-credential-osxkeychain /usr/local/bin/git-credential-osxkeychain

# For Homebrew on Intel Mac:
sudo ln -s /usr/local/opt/git/bin/git-credential-osxkeychain /usr/local/bin/git-credential-osxkeychain

Then, in Keychain Access, authorize /usr/local/bin/git-credential-osxkeychain (the symlink path) instead of the versioned Cellar path.

Now when Homebrew upgrades Git, the symlink stays the same, and your Keychain authorization remains valid.

Git Credential Manager is the modern replacement for osxkeychain helper. It handles authentication automatically, including OAuth and 2FA:

# Install Git Credential Manager via Homebrew
brew install --cask git-credential-manager

# Configure Git to use GCM
git config --global credential.helper manager

# Remove any old osxkeychain configuration
git config --global --unset credential.helper osxkeychain

Benefits of GCM:
- Handles GitHub OAuth authentication (opens browser)
- Supports two-factor authentication natively
- Works across macOS, Windows, and Linux
- No manual Personal Access Token management
- No Keychain authorization prompts

To authenticate with GCM:

# Run any Git operation
git fetch origin
# A browser window opens for GitHub OAuth
# Authorize the application
# Done - credentials are stored securely

SSH authentication avoids credential helpers entirely and is often more reliable:

# Check for existing SSH keys
ls -la ~/.ssh/*.pub

# Generate a new SSH key if needed
ssh-keygen -t ed25519 -C "[email protected]"

# Start the SSH agent
eval "$(ssh-agent -s)"

# Add your SSH key to the agent
ssh-add --apple-use-keychain ~/.ssh/id_ed25519

# Copy the public key to clipboard
pbcopy < ~/.ssh/id_ed25519.pub

Add the key to GitHub:
1. Go to [github.com/settings/keys](https://github.com/settings/keys)
2. Click New SSH key
3. Paste and save

Switch your repository to SSH:

# Check current remote
git remote -v

# Change from HTTPS to SSH
git remote set-url origin [email protected]:username/repo.git

# Test the connection
ssh -T [email protected]

SSH uses your key for authentication - no password prompts or Keychain issues.