sign git commits - 06-08-22

Who doesn’t want the cool “verified” badge in GitLab?

coolness badge

To get this we must sign our commits via gpg.

Step one: Figure out which key you are going to use

$ gpg --list-keys
pub   rsa3072 2020-01-01 [SC] [expires: 2030-01-01]
      AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
uid           [ultimate] Travis Shears <travis.shears@cool-company.com>
sub   rsa3072 2020-01-01 [E] [expires: 2030-01-01]

pub   rsa2048 2020-01-01 [SC] [expires: 2030-01-01]
      BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
uid           [ultimate] Travis Shears <t@travisshears.com>
sub   rsa2048 2020-01-01 [E] [expires: 2030-01-01]

In this case I’ll use key travis.shears@cool-company.com.

Step two: Configure git to sign commits with the gpg key

Edit your ~/.gitconfig to look something like this:

   [user]
       name = Travis Shears
       email = travis.shears@cool-company.com
       signingkey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

   [commit]
       gpgsign = true

We added the signingkey so git knows which key to use and we specified gpgsign so git knows we want to sign all commits.

Step three: Copy your public gpg key to clipboard

$ gpg --armor --export AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | pbcopy

You can also do it with the email of the key:

$ gpg --armor --export travis.shears@cool-company.com | pbcopy

Step four: Paste your public gpg key into the settings page of your favorite version control site, e.g. GitHub, GitLab, SourceHut.
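A check that ties steps one and two together, as an added example that is not part of the original post: it reads gpg's machine-readable `--with-colons` listing and prints the fingerprint of every unexpired, signing-capable key whose uid carries a given email, so you can confirm that `user.email` and `signingkey` point at the same key. The function names and the embedded listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `gpg --list-keys --with-colons` output on stdin and
# prints the primary-key fingerprint of each key that (a) is not expired,
# revoked, invalid or disabled, (b) can sign, and (c) has a live uid for $1.
signing_fpr_for_email() {
    awk -F: -v email="$1" '
        # Print the key collected so far if it passed every check.
        function emit() { if (usable && matched && fpr != "") print fpr }
        $1 == "pub" { emit(); fpr = ""; matched = 0; in_sub = 0
                      # field 2 = validity, field 12 = capabilities
                      usable = ($2 !~ /^[eri]$/ && $12 ~ /S/ && $12 !~ /D/) }
        $1 == "sub" { in_sub = 1 }          # fpr records after this are subkeys
        $1 == "fpr" && !in_sub && fpr == "" { fpr = $10 }
        $1 == "uid" && $2 !~ /^[er]$/ && index(tolower($10), "<" tolower(email) ">") { matched = 1 }
        END { emit() }
    '
}

# Constructed sample listing (not real keys): two usable keys modelled on the
# placeholders in step one, plus one expired key to show the failure case.
sample_listing() {
    cat <<'EOF'
pub:u:3072:1:AAAAAAAAAAAAAAAA:1577836800:1893456000::u:::scESC:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:
uid:u::::1577836800::0000::Travis Shears <travis.shears@cool-company.com>:
sub:u:3072:1:1111111111111111:1577836800:1893456000:::::e:
fpr:::::::::1111111111111111111111111111111111111111:
pub:u:2048:1:BBBBBBBBBBBBBBBB:1577836800:1893456000::u:::scESC:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB:
uid:u::::1577836800::0000::Travis Shears <t@travisshears.com>:
pub:e:2048:1:CCCCCCCCCCCCCCCC:1262304000:1577836800::u:::sc:
fpr:::::::::CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC:
uid:e::::1262304000::0000::Old Key <expired@example.invalid>:
EOF
}

# Real usage (compare the result with `git config user.signingkey`):
#   gpg --list-keys --with-colons --with-fingerprint \
#       | signing_fpr_for_email "$(git config user.email)"
```

Empty output means no usable signing key matches the email configured in git, which is worth fixing before uploading the public key in step four.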

