Managing GPG verification for Codespaces

You can allow GitHub to automatically use GPG to sign commits you make in your codespaces, so other people can be confident that the changes come from a trusted source.

Note: Codespaces is currently in limited public beta and subject to change. For more information about joining the beta, see "About Codespaces."

After you enable GPG verification, GitHub will automatically sign commits you make in Codespaces, and the commits will have a verified status on GitHub. By default, GPG verification is disabled for codespaces you create. You can choose to allow GPG verification for all repositories or specific repositories. Only enable GPG verification for repositories that you trust. For more information about GitHub-signed commits, see "About commit signature verification."

  1. In the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar
  2. In the left sidebar, click Codespaces. Codespaces tab in the user settings sidebar
  3. Under "GPG verification", select the setting you want for GPG verification. Radio buttons to manage GPG verification
  4. If you chose "Selected repositories", select the drop-down menu, then click a repository you want enable GPG verification for. Repeat for all repositories you want to enable GPG verification for. "Selected repositories" drop-down menu

Did this doc help you?Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.