Skip to content

👢 Bootstrap your macOS development system.


Notifications You must be signed in to change notification settings


Repository files navigation


A script to bootstrap a minimal macOS development system. This does not assume you're doing Ruby/Rails/web development but installs the minimal set of software every macOS developer will want.


Replacing Boxen in GitHub with a better tool. This post outlines the problems with Boxen and requirements for Strap and other tools used by GitHub:


  • Enables sudo using TouchID
  • Disables Java in Safari (for better security)
  • Enables the macOS screensaver password immediately (for better security)
  • Enables the macOS application firewall (for better security)
  • Adds a Found this computer? message to the login screen (for machine recovery)
  • Enables full-disk encryption and saves the FileVault Recovery Key to the Desktop (for better security)
  • Installs the Xcode Command Line Tools (for compilers and Unix tools)
  • Agree to the Xcode license (for using compilers without prompts)
  • Installs Homebrew (for installing command-line software)
  • Installs Homebrew Bundle (for bundler-like Brewfile support)
  • Installs Homebrew Services (for managing Homebrew-installed services)
  • Installs Homebrew Cask (for installing graphical software)
  • Installs the latest macOS software updates (for better security)
  • Installs dotfiles from a user's repository. If they exist and are executable: runs script/setup to configure the dotfiles and script/strap-after-setup after setting up everything else.
  • Installs software from a user's Brewfile in their repository or .Brewfile in their home directory.
  • A simple web application to set Git's name, email and GitHub token (needs authorised on any organisations you wish to access)
  • Idempotent

Out of Scope Features

  • Enabling any network services by default (instead enable them when needed)
  • Installing Homebrew formulae by default for everyone in an organisation (install them with Brewfiles in project repositories instead of mandating formulae for the whole organisation)
  • Opting-out of any macOS updates (Apple's security updates and macOS updates are there for a reason)
  • Disabling security features (these are a minimal set of best practises)
  • Add phone number to security screen message (want to avoid prompting users for information on installation)


Open in your web browser.

Instead, to run Strap locally run:

git clone
cd strap
bash bin/ # or bash bin/ --debug for more debugging output

Instead, to run the web application locally run:

git clone
cd strap
GITHUB_KEY="..." GITHUB_SECRET="..." ./script/server

Strap is also available as a Docker image on Docker Hub (mikemcquaid/strap) and GitHub Packages (

Web Application Configuration Environment Variables

  • GITHUB_KEY: the Application Client ID.
  • GITHUB_SECRET: the Application Client Secret.
  • SESSION_SECRET: the secret used for cookie session storage.
  • WEB_CONCURRENCY: the number of Puma (web server) threads to run (defaults to 3).
  • STRAP_ISSUES_URL: the URL where users should file issues (defaults to no URL).
  • STRAP_BEFORE_INSTALL: instructions displayed in the web application for users to follow before installing Strap (wrapped in <li> tags).
  • CUSTOM_HOMEBREW_TAP: an optional Homebrew tap to install with brew tap. Specify multiple arguments to brew tap by separating values with spaces.
  • CUSTOM_BREW_COMMAND: a single brew command that is run after all other stages have completed.


Stable and in active development.


Mike McQuaid


Licensed under the MIT License. The full license text is available in LICENSE.txt.