👋 We've unified all of GitHub's product documentation in one place! Check out the content for REST API, GraphQL API, and Developers. Learn more on the GitHub blog.
Article version: GitHub.com

Enabling required commit signing

Repository administrators can enforce required commit signing on a branch to block all commits that are not signed and verified.

Protected branches are available in public repositories with GitHub Free and GitHub Free for organizations, and in public and private repositories with GitHub Pro, GitHub Team, GitHub Enterprise Cloud, and GitHub Enterprise Server. For more information, see "GitHub's products."

Were you able to find what you were looking for?

Before enabling required commit signing on a branch, you must first set the branch up as a protected branch. For more information, see "Configuring protected branches."

You can automatically enforce protected branch settings for some or all branches in your repository. For more information, see "Configuring protected branches."

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Settings.
    Repository settings button
  3. In the left menu, click Branches.
    Repository options sub-menu
  4. Next to "Branch protection rules", click Add rule.
    Add branch protection rule button
  5. Under "Branch name pattern", type the branch name or pattern you want to protect.
    Branch rule field
  6. Select Require signed commits.
    Require signed commits option
  7. Optionally, select Include administrators. This enforces the required signed commits on the repository administrators.
    Include administrators checkbox
  8. Click Create.

Were you able to find what you were looking for?

Ask a human

Can't find what you're looking for?

Contact us