Managing GPG verification for Codespaces

You can allow GitHub to automatically use GPG to sign commits you make in your codespaces, so other people can be confident that the changes come from a trusted source.

Codespaces is available for organizations using GitHub Team or GitHub Enterprise Cloud. 更多信息请参阅“GitHub 的产品”。

After you enable GPG verification, GitHub will automatically sign commits you make in Codespaces, and the commits will have a verified status on GitHub. By default, GPG verification is disabled for codespaces you create. You can choose to allow GPG verification for all repositories or specific repositories. Only enable GPG verification for repositories that you trust. For more information about GitHub-signed commits, see "About commit signature verification."

Once you enable GPG verification, it will immediately take effect for all your codespaces.

  1. 在任何页面的右上角,单击您的个人资料照片,然后单击 Settings(设置)用户栏中的 Settings 图标
  2. In the left sidebar, click Codespaces. Codespaces tab in the user settings sidebar
  3. Under "GPG verification", select the setting you want for GPG verification. Radio buttons to manage GPG verification
  4. If you chose "Selected repositories", select the drop-down menu, then click a repository you want enable GPG verification for. Repeat for all repositories you want to enable GPG verification for. "Selected repositories" drop-down menu

Note: Once you have enabled GPG verification for Codespaces, you also must append -s to each commit in order for it to be signed. To do this in Visual Studio Code, ensure the "Git: Enable Commit Signing" option is enabled from the Settings.



所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。


或, 了解如何参与。