Sign commits and tags with SSH keys
Configure Git
If you would like to configure signing your commits and tags with SSH keys globally for all repositories, follow the steps from the Global configuration section below. If you would like to configure signing your commits and tags with SSH keys locally for a single repository, follow the steps from the Local configuration section below.
Global configuration
You first need to tell git that you’re going to use an SSH key for signing commits:
git config --global gpg.format ssh
Next, specify the SSH key that you wish to sign commits and tags with:
git config --global user.signingkey ~/.ssh/<name_of_ssh_key>.pub
Local configuration
You first need to tell git that you’re going to use an SSH key for signing commits. Run the following commands in the directory of the repository for which you want to enable commit and tag signing with SSH keys:
git config gpg.format ssh
Next, specify the SSH key that you wish to sign commits and tags with:
git config user.signingkey ~/.ssh/<name_of_ssh_key>.pub
Sign commits
To sign a single commit, add the -S
flag when making a commit.
git commit -S -m "My signed commit"
If you want to sign all commits for a single repository by default, run the following command in a directory within the repository:
git config commit.gpgsign true
If you want to enable the setting for all repositories, you can run this command from anywhere on your computer:
git config --global commit.gpgsign true
Sign tags
To sign a tag, add the -s
flag when making a tag:
git tag -s my-signed-tag