Fixing OSX “git clone” 403 Errors


You couldn’t do “git clone” on your Mac.


  • Apple updated their version of git to include a helper that stores git credentials in the OSX KeyChain.
  • Since AWS CodeCommit uses temporary credentials, that means git actions will work initially but once the first set of credentials expire git actions will fail with a 403 error.
  • Git searches for configuration from a number of local / global and system configuration file.
  • Check each with the following commands to make sure “osxkeychain” isn’t configured.
  • Make sure to leave the “codecommit credential-helper” configured in your local settings.
$ git config --local -e$ git config --global -e$ sudo git config --system -e
  • This should fix the problem, if not you can use the following command to find out where git is getting a particular configuration value from:
$ git config --show-origin --get credential.helper

Also try out:

  • Clear out any credentials in KeyChain (search for “git”, review and delete)
  • Edit the file /Library/Developer/CommandLineTools/usr/share/git-core/gitconfig and remove osxkeychain helper.

If the above didn’t help, then:

  • Execute below whenever you pull aws creds on cli :
alias deletekeychaingit="git config --global credential.helper '!security delete-internet-password -l \"\"; aws codecommit credential-helper $@'"

Example usage:

alias auto=’deletekeychaingit && pipenv run python’

This alias always deletes cached credentials before git actions.



