How to stop the keychain alert 'xxx want to use the keychain'
In Terminal check what you have set in your git config:
git config -l
You should see an entry for "credential.helper=osxkeychain" which is typically included if you installed git from Homebrew or have a newer macOS version such as Big Sur and the developer tools installed.
There is the option to set a cache timeout so you don't have to type your password to unlock the keychain every time you need git credentials. Think of it like the timeout for sudo where it doesn't always ask for the password if you recently used the password. You can adjust this cache timeout value to whatever you like.
To add a credential.helper cache timeout of an hour to your git config in Terminal:
git config --global credential.helper 'cache --timeout 3600'
From the alert screenshot you have posted, it is clear that it happens whenever you use Git
. You have stored your git credentials in the Keychain
(which is the right way in macOS), and thus whenever you use Git
, it asks the Keychain
for the credentials. But not all apps are allowed access to the Keychain
as it stores many other passwords / keys / certificates etc. So macOS informs you that this particular app wants access to the Keychain
and you get the alert.
To avoid this alert, you can grant access to particular app(s) to only access specific credentials that it needs within Keychain, through the Keychain Access
app. To do so:
-
Open
Keychain Access
(you can find it in Applications > Utilities). -
Use the search field to search for your Git credential (e.g. "Github").
-
It should show the respective item below. Right-click the correct git credential and from the menu, click Get Info.
-
It will display a window like this (on macOS Mojave):
-
Click on the Access Control tab.
-
Under "Always allow access by these applications:", click the
+
sign and add the tool mentioned in the alert, i.e. "git-credential-oskeychain" (which I assume is the osxkeychain helper - this may be in different locations depending on whether you installed it using Homebrew or Xcode Command Line Tools). -
Click Save Changes button.
-
Restart your computer.
You can also deselect Ask for Keychain password but (if I remember right) you may still get an alert whenever some tool wants to use it. It is a bad idea to select Allow all applications to access this item as it may allow any rogue application access to your git credentials.
Note: James Brickley's answer is better in terms of security as by caching the password with a timeout, you only allow access to the credentials for a limited time. With the method I have described, the specific app will always have access to the git credentials till you disallow it from Keychain Acess.