Setup GPG to sign commits within SourceTree
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This page aims to explain how to setup GPG to sign commits within SourceTree.
Solution
Install GPGTools https://gpgtools.org
Create or import a GPG key
SourceTree Only
Open the Repository/Repository Settings dialog
Open the Security tab
Check "Enable GPG key signing for commits"
Select your preferred key.
When next committing, check the "Sign Commit" "Commit Option"
Command line Git
The automatically signing your git commits page provides a guide to setup commit signing when using command line Git.
Check that the commits are now signed
If SourceTree is correctly configured to sign commits, when committing a file you see the following screens:
The
-c gpg.program=/Applications/SourceTree.app/Contents/Resources/bin/stgpg.sh commit -q --gpg-sign=FAE3579EEA1C6363command line options identify a signed Git commit:1git -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree -c gpg.program=/Applications/SourceTree.app/Contents/Resources/bin/stgpg.sh commit -q --gpg-sign=FAE3579EEA1C6363 -F /var/folders/jw/5wfdcdr137q_hh1jw5nzcyvw0000gp/T/SourceTreeTemp.LiStAR
Was this helpful?