Strap: Bootstrap Your macOS Development System


A script to bootstrap a minimal macOS development system. This does not assume you're doing Ruby/Rails/web development but installs the minimal set of software every macOS developer will want.


  • Enables sudo using TouchID
  • Disables Java in Safari (for better security)
  • Enables the macOS screensaver password immediately (for better security)
  • Enables the macOS application firewall (for better security)
  • Adds a Found this computer? message to the login screen (for machine recovery)
  • Enables full-disk encryption and saves the FileVault Recovery Key to the Desktop (for better security)
  • Installs the Xcode Command Line Tools (for compilers and Unix tools)
  • Agree to the Xcode license (for using compilers without prompts)
  • Installs Homebrew (for installing command-line software)
  • Installs Homebrew Bundle (for bundler-like Brewfile support)
  • Installs Homebrew Services (for managing Homebrew-installed services)
  • Installs Homebrew Cask (for installing graphical software)
  • Installs the latest macOS software updates (for better security)
  • Installs dotfiles from a user's repository. If they exist and are executable: runs script/setup to configure the dotfiles and script/strap-after-setup after setting up everything else.
  • Installs software from a user's Brewfile in their repository or .Brewfile in their home directory.
  • A simple web application to set Git's name, email and GitHub token (needs authorised on any organisations you wish to access)
  • Idempotent

Out of Scope Features

  • Enabling any network services by default (instead enable them when needed)
  • Installing Homebrew formulae by default for everyone in an organisation (install them with Brewfiles in project repositories instead of mandating formulae for the whole organisation)
  • Opting-out of any macOS updates (Apple's security updates and macOS updates are there for a reason)
  • Disabling security features (these are a minimal set of best practises)
  • Add phone number to security screen message (want to avoid prompting users for information on installation)


Open in your web browser.

Instead, to run Strap locally run:

git clone
cd strap
bash bin/ # or bash bin/ --debug for more debugging output

Instead, to run the web application locally run:

git clone
cd strap
GITHUB_KEY="..." GITHUB_SECRET="..." ./script/server

Strap is also available as a Docker image on Docker Hub (mikemcquaid/strap) and GitHub Packages (

Web Application Configuration Environment Variables

  • GITHUB_KEY: the Application Client ID.
  • GITHUB_SECRET: the Application Client Secret.
  • SESSION_SECRET: the secret used for cookie session storage.
  • WEB_CONCURRENCY: the number of Puma (web server) threads to run (defaults to 3).
  • STRAP_ISSUES_URL: the URL where users should file issues (defaults to no URL).
  • STRAP_BEFORE_INSTALL: instructions displayed in the web application for users to follow before installing Strap (wrapped in <li> tags).
  • CUSTOM_HOMEBREW_TAP: an optional Homebrew tap to install with brew tap. Specify multiple arguments to brew tap by separating values with spaces.
  • CUSTOM_BREW_COMMAND: a single brew command that is run after all other stages have completed.


Stable and in active development.


Replacing Boxen in GitHub with a better tool. This post outlines the problems with Boxen and requirements for Strap and other tools used by GitHub:

Download Details:

Author: MikeMcQuaid
Source Code: 
License:  MIT License

#bootstrap #macos #xcode

Strap: Bootstrap Your macOS Development System
1.65 GEEK