Skip to content

How to Autosign git commits

In the light of the recent PHP Git server situation, teams are double-downing on signing commits. Signing your commit with your GPG key lets your team know that this code came from the person whose name is on the commit and the code has not been tampered with.

Normally you would just use:

git commit -S -m'My Git message

This will prompt you for the gpg passphrase and sign your commit. As developers though, we like to automate things. well, I know I do. Here is how you autosign your commits.

First you need your GPG key. Mine shows up in the output below the sec line and above the uid.

 gpg --list-secret-keys --keyid-format LONG

Next, set the signingkey and gpgsign value in the git config:

git config --global user.signingKey XXXXXXX
git config --global commit.gpgSign true

Replacing XXXXXXX with your GPG keyid of course.

I hope this helps!

Published inPHP

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *