This version of GitHub Enterprise will be discontinued on This version of GitHub Enterprise was discontinued on 2020-01-22. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

About required commit signing

Required commit signing ensures that collaborators can only push verified signed commits to a protected branch.

Protected branches are available in public repositories with GitHub Free, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server.

If you've enforced branch protections in your repository, you can set up required commit signing. For more information, see "Configuring protected branches."

When you enable required commit signing on a branch, contributors can only push local commits to the branch if they are signed and verified. Contributors can merge signed and verified commits using the GitHub Enterprise web interface. For more information about signing commits, see "About commit signature verification."

Note: Enabling required commit signing on a branch will make it more difficult to contribute. If a collaborator pushes an unsigned commit to a branch that has required commit signing enabled, they will need to rebase their commit to include a verified signature and force push the rewritten commit to the branch.

Administrators of a repository can push local commits that have not been signed and verified, however you can require administrators to be subject to required commit signing. For more information, see "Enabling required commit signing."

Further reading

Ask a human

Can't find what you're looking for?

Contact us