In the light of the recent PHP Git server situation, teams are double-downing on signing commits. Signing your commit with your GPG key lets your team know that this code came from the person whose name is on the commit and the code has not been tampered with.
Normally you would just use:
git commit -S -m'My Git message‘
This will prompt you for the gpg passphrase and sign your commit. As developers though, we like to automate things. well, I know I do. Here is how you autosign your commits.
First you need your GPG key. Mine shows up in the output below the
sec line and above the
gpg --list-secret-keys --keyid-format LONG
Next, set the signingkey and gpgsign value in the git config:
git config --global user.signingKey XXXXXXX git config --global commit.gpgSign true
XXXXXXX with your GPG keyid of course.
I hope this helps!
Be First to Comment