Article version: Enterprise Server 2.14

This version of GitHub Enterprise will be discontinued on This version of GitHub Enterprise was discontinued on 2019-07-12. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Managing commit signature verification

You can sign your work locally using GPG. GitHub Enterprise will verify these signatures so other people will know that your commits come from a trusted source.

About commit signature verification

Using GPG, you can sign tags and commits locally. These tags or commits are marked as verified on GitHub Enterprise so other people can trust that the changes come from a trusted source.

Checking for existing GPG keys

Before you generate a GPG key, you can check to see if you have any existing GPG keys.

Generating a new GPG key

If you don't have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.

Adding a new GPG key to your GitHub account

To configure your GitHub Enterprise account to use your new (or existing) GPG key, you'll also need to add it to your GitHub Enterprise account.

Telling Git about your signing key

To sign commits locally, you need to inform Git that there's a GPG key you'd like to use.

Associating an email with your GPG key

Your GPG key must be associated with a GitHub Enterprise verified email that matches your committer identity.

Signing commits

You can sign commits locally using GPG.

Signing tags

You can sign tags locally using GPG.

Ask a human

Can't find what you're looking for?

Contact us