This version of GitHub Enterprise Server was discontinued on 2024-07-09. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise Server. For help with the upgrade, contact GitHub Enterprise support.

Telling Git about your signing key

To sign commits locally, you need to inform Git that there's a GPG, SSH, or X.509 key you'd like to use.

Platform navigation

In this article

Telling Git about your GPG key

If you're using a GPG key that matches your committer identity and your verified email address associated with your account on your GitHub Enterprise Server instance, then you can begin signing commits and signing tags.

If you don't have a GPG key that matches your committer identity, you need to associate an email with an existing key. For more information, see "Associating an email with your GPG key".

If you have multiple GPG keys, you need to tell Git which one to use.

  1. Open Terminal.

  2. If you have previously configured Git to use a different key format when signing with --gpg-sign, unset this configuration so the default format of openpgp will be used.

    git config --global --unset gpg.format

  3. Use the gpg --list-secret-keys --keyid-format=long command to list the long form of the GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.

    Shell
    gpg --list-secret-keys --keyid-format=long

    Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2 by running git config --global gpg.program gpg2.

  4. From the list of GPG keys, copy the long form of the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    Shell
    
$ gpg --list-secret-keys --keyid-format=long
/Users/hubot/.gnupg/secring.gpg
------------------------------------
sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
uid                          Hubot <hubot@example.com>
ssb   4096R/4BB6D45482678BE3 2016-03-10

  5. To set your primary GPG signing key in Git, paste the text below, substituting in the GPG primary key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    git config --global user.signingkey 3AA5C34371567BD2

    Alternatively, when setting a subkey include the ! suffix. In this example, the GPG subkey ID is 4BB6D45482678BE3:

    git config --global user.signingkey 4BB6D45482678BE3!

  6. Optionally, to configure Git to sign all commits by default, enter the following command:

    git config --global commit.gpgsign true

    For more information, see "Signing commits."

  7. To add your GPG key to your .bashrc startup file, run the following command:

    [ -f ~/.bashrc ] && echo -e '\nexport GPG_TTY=$(tty)' >> ~/.bashrc

Telling Git about your SSH key

You can use an existing SSH key to sign commits and tags, or generate a new one specifically for signing. For more information, see "Generating a new SSH key and adding it to the ssh-agent."

Note: SSH signature verification is available in Git 2.34 or later. To update your version of Git, see the Git website.

  1. Open Terminal.

  2. Configure Git to use SSH to sign commits and tags:

    git config --global gpg.format ssh

  3. To set your SSH signing key in Git, paste the text below, substituting /PATH/TO/.SSH/KEY.PUB with the path to the public key you'd like to use.

    git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB

Further reading