GitHub: Your Cloud Backup
What you'll learn
~25 min- Create a GitHub account and install the GitHub CLI
- Create a remote repository and push a local project to GitHub
- Understand and configure .gitignore to protect secrets and skip generated files
- Set up authentication with gh auth login
- Follow a pre-push checklist before sharing code
You’ll push your first project to GitHub and have a cloud backup you can access from anywhere.
Why This Matters
GitHub is three things at once:
- Your backup. If your laptop dies, your code is safe in the cloud.
- Your portfolio. Employers and collaborators check GitHub profiles. Every project you push is a signal that you build things.
- Your collaboration hub. When you work with others — or even with yourself across multiple machines — GitHub is how code moves between them.
Most professional developers use GitHub or a similar Git hosting platform (GitLab, Bitbucket, Azure DevOps). Setting it up now means every project you build from here forward is automatically backed up and shareable.
The Mental Model: Google Drive for Code
You already use Google Drive or OneDrive to back up documents. GitHub does the same thing for code — but better. Instead of just storing the latest version, GitHub stores the complete history of every change you’ve ever made. You can go back to any point in time, see who changed what, and restore old versions instantly.
| Google Drive | GitHub |
|---|---|
| Upload files to the cloud | Push commits to a remote repo |
| Share a link with collaborators | Share a repo URL |
| See when a file was last modified | See full commit history with messages |
| One version (unless you dig into history) | Full commit history preserved by default |
Prerequisites
Before starting this lesson, make sure you have:
- Git installed and configured (Module 7, Lesson 1) — run
git --versionto verify - A local repository with at least one commit (Module 7, Lessons 2-3) — run
git log --onelineto verify
If either of those fails, go back and complete the earlier lessons first.
Step 1: Create a GitHub Account
If you already have a GitHub account, skip to Step 2.
- Go to github.com and click Sign up
- Choose a username — this will be part of your profile URL (
github.com/your-username), so pick something professional - Enter your email and create a password
- Verify your email address
- Choose the Free tier — it’s all you need for this course (and for most professional work)
Your GitHub username is visible on every project you share. Use your real name or a professional handle. Avoid joke names — future employers will see this.
Step 2: Install the GitHub CLI
The GitHub CLI (gh) lets you create repos, manage authentication, and interact with GitHub entirely from your terminal — no browser clicking required.
macOS:
brew install ghWindows (native, via PowerShell):
winget install --id GitHub.cliWindows (WSL) / Ubuntu / Debian:
sudo apt install ghIf apt has an older version, use the official install:
curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpgecho "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/nullsudo apt updatesudo apt install ghFedora / RHEL:
sudo dnf install ghVerify the install:
gh --versionAuthenticate with GitHub
Before you can push code, you need to log in:
gh auth loginThis starts an interactive walkthrough. Choose these options:
- Where do you use GitHub? →
GitHub.com - Preferred protocol? →
HTTPS(simpler for beginners; SSH works too) - Authenticate Git with your GitHub credentials? →
Yes - How would you like to authenticate? →
Login with a web browser
It will give you a one-time code, open your browser, and ask you to paste it. Once done, you’re authenticated.
🔍HTTPS vs SSH
When gh auth login asks about your “preferred protocol,” you are choosing how your computer talks to GitHub:
- HTTPS (recommended for beginners): Uses your browser or a token for authentication. Simpler to set up, works through most firewalls.
- SSH: Uses cryptographic keys stored on your machine. More convenient once set up (no repeated logins), but requires generating and managing key files.
Either works fine. If you are unsure, choose HTTPS. You can switch later.
If your network blocks browser-based auth, choose Paste an authentication token instead. Generate a Personal Access Token at github.com/settings/tokens with repo scope, then paste it when prompted. For SSH key setup, run gh auth login and select the SSH protocol — gh will generate and upload a key for you.
Verify that authentication worked:
gh auth statusYou should see your username and the scopes you’ve granted.
.gitignore Essentials
Not everything belongs on GitHub. Some files are generated, some are enormous, and some contain secrets that should never be shared. The .gitignore file tells git which files to skip. Set this up before your first push.
The starter template
Create a .gitignore file in your project root with this content:
# Dependencies (downloaded, not created by you)node_modules/__pycache__/venv/
# Build output (generated, not source code)dist/build/.output/
# Environment variables (secrets!).env.env.local.env.production
# OS files (junk your operating system creates).DS_StoreThumbs.db
# Editor and tool files (personal settings).vscode/.idea/.claude/
# Logs*.logThe rule of thumb
Commit things you created. Skip things that are generated or downloaded.
| Commit this | Do NOT commit this |
|---|---|
Source code (.js, .html, .css, .py) | node_modules/ (downloaded) |
Configuration (package.json, config files) | .env files (secrets) |
.gitignore itself | Build output (dist/, build/) |
| README and documentation | OS junk (.DS_Store, Thumbs.db) |
| Test files | Large binary files (videos, datasets) |
If you pushed a .env file or any file with API keys to GitHub, those secrets are in your git history even if you delete the file. You must:
- Immediately revoke the exposed keys at your API provider’s dashboard and generate new ones
- Remove the file from tracking:
git rm --cached .env - Add
.envto your.gitignore - Commit those changes:
git commit -m "Remove .env from tracking"
For thorough history cleanup, look into git filter-repo — the tool recommended by Git and GitHub for rewriting history to scrub secrets from old commits. But revoking the keys is the urgent first step.
Step 3: Create Your First Remote Repository
If you followed the manual push instructions in Lesson 3, your remote is already set up. Skip to “Future Pushes” below — you just need git push from now on.
Make sure you’re inside your local git project (the one with commits from previous lessons):
Once you push to GitHub, your code is on the internet. Make sure .gitignore is set up first (see above). If you accidentally push secrets like API keys, they are in the git history even if you delete them later. Rotate any exposed keys immediately.
cd ~/my-project # Replace with the actual path to YOUR project foldergit branch -M main # Ensure your branch is named "main" (the modern convention)gh repo create my-first-project --public --source=. --remote=origin --pushOlder versions of git used master as the default branch name. In 2020, the convention changed to main. The git branch -M main command renames your current branch to main so it matches what GitHub expects. If your branch is already called main, the command does nothing harmful.
That single command does everything. Here’s what each flag means:
| Flag | What it does |
|---|---|
my-first-project | The name of your GitHub repo |
--public | Anyone can see it (use --private if you prefer) |
--source=. | Use the current directory as the source |
--remote=origin | Name the remote connection “origin” (the convention) |
--push | Immediately push all your commits to GitHub |
After it runs, you’ll see a URL like https://github.com/your-username/my-first-project. Open it in your browser — your code is on GitHub.
Common issues and fixes:
- “remote origin already exists”: You already have a remote set up. Check it with
git remote -v. Update it withgit remote set-url origin https://github.com/YOUR-USERNAME/REPO.git. - Authentication error: Run
gh auth statusto check if you are logged in. If not, rungh auth loginagain. - Push rejected: Run
git pull --rebase origin mainto sync with the remote, thengit push.
“Origin” is just a nickname for the GitHub URL. When you run git push, git looks up where “origin” points and sends your code there. You can name it anything, but “origin” is the universal convention — every tutorial, every AI tool, and every collaborator expects it.
The manual way (without gh CLI)
If you prefer or if gh isn’t available:
- Go to github.com and click + then New repository
- Name it, choose Public or Private, and do not add a README or .gitignore (you already have files)
- Click Create repository
- Copy the commands GitHub shows you and run them:
git remote add origin https://github.com/YOUR-USERNAME/my-first-project.gitgit branch -M maingit push -u origin mainBoth methods get you to the same place. The gh CLI just does it in one step.
Step 4: The Daily Push Workflow
Now that your repo is connected, pushing new work is simple:
git add .git commit -m "Add feature description"git pushThree commands. Your changes are staged, committed, and backed up to GitHub. This is the workflow you’ll use every time you finish a chunk of work.
Push after every meaningful commit — when a feature works, when you fix a bug, when you’re done for the day. Don’t wait until the project is “finished.” Frequent pushes mean frequent backups.
Pre-Push Checklist
Before your first push to GitHub (and as a habit for every new project), verify these items:
.gitignoreis in place and includes generated/downloaded folders (e.g.,node_modules/,venv/,__pycache__/),.env, and build output (dist/)- No API keys or passwords in any committed file — search your code for strings like
sk-,AKIA, orpassword = - The project builds and runs locally — run your project’s start command (
npm run dev,python app.py, or your equivalent) and verify it works - Commits have meaningful messages — not “stuff” or “asdf”
- Project config has a reasonable name —
package.json,pyproject.toml, or equivalent will be public if the repo is public
The checklist takes 30 seconds and prevents embarrassing (or dangerous) mistakes. Treat it like a pilot’s pre-flight check — boring but critical.
🧬In Your Field: Biotechclick to expand
Research data and lab notebooks. GitHub repositories make excellent homes for research tool code, analysis scripts, and computational protocols. Keep your raw data in separate storage (institutional servers, cloud storage) and use git for the code that processes that data. Your commit history becomes a traceable record of how your analysis evolved — “Add normalization step for RNA-seq counts,” “Fix batch effect correction,” “Update p-value threshold to 0.01.” When you publish, you can link to the exact commit used for the results in your paper. Some journals now require this level of reproducibility.
📊In Your Field: MIS / Businessclick to expand
Private repos for business projects. When building dashboards, automation scripts, or report generators for a business context, use --private instead of --public when creating repos. Private repositories are free on GitHub and ensure that proprietary business logic, client data schemas, and internal tool configurations stay confidential. You can always change a repo from private to public later — but you can’t un-publish something once it’s been public. When in doubt, start private.
🏛️In Your Field: Government / State Devclick to expand
GitHub Enterprise and restricted environments. Many government agencies use GitHub Enterprise, GitLab, or Azure DevOps instead of public GitHub. The git commands are identical — the only difference is the URL in git remote add origin. Check with your IT team about which hosting service is approved. Some agencies require security scanning (like GitHub Advanced Security or Snyk) before code can be pushed. If your network restricts access to github.com, ask about VPN exceptions for developer tools or use your agency’s internal Git hosting. The key point: get your work off your local machine and into a backed-up, access-controlled repository.
When Things Go Wrong
Use the Symptom → Evidence → Request pattern: describe what you see, paste the error, then ask for a fix.
Key Takeaways
- GitHub is your cloud backup and portfolio. Every project you push is safe from hardware failure and visible to collaborators (or employers).
- Push after every meaningful change. Don’t wait until the project is “done.” Frequent pushes mean frequent backups.
.gitignoreprotects your secrets. Always set it up before your first commit. Never push.envfiles,node_modules/, or build output.- The
ghCLI simplifies everything. One command to create a repo and push — no browser required. - The daily rhythm is simple:
git add .,git commit -m "message",git push. Three commands, ten seconds, complete backup.
What does a .gitignore file do?
You just created a new project and want to back it up to GitHub. What's the correct order of steps?