In light of the recent PHP Git server situation, teams are doubling down on signing commits. Signing your commit with your GPG key lets your team know that this code came from the person whose name is on the commit and that the code has not been tampered with.
Normally you would just use:
git commit -S -m 'My Git message'
This will prompt you for the GPG passphrase and sign your commit. As developers though, we like to automate things. Well, I know I do. Here is how you auto-sign your commits.
First you need your GPG key. Mine shows up in the output below the sec line and above the uid.
gpg --list-secret-keys --keyid-format LONG
Next, set the signingKey and gpgSign values in the git config:
git config --global user.signingKey XXXXXXX
git config --global commit.gpgSign true
Replace XXXXXXX with your GPG key ID, of course.
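Once auto-signing is on, it is worth checking that commits really carry a good signature. The following is an added example, not part of the original post: it filters the output of `git log --format='%H %G? %an'` for any status other than `G`. The helper names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag commits whose signature status is anything other
# than "G" (good signature from a key you trust).
# Input is what `git log --format='%H %G? %an'` prints. %G? values:
#   G good, B bad, U good but unknown validity, X good but expired,
#   Y good but made by an expired key, R good but made by a revoked key,
#   E cannot be checked (e.g. missing key), N no signature.

# unsigned_or_suspect (hypothetical helper): reads log lines on stdin and
# prints one "STATUS HASH AUTHOR" line per commit that is not "G".
unsigned_or_suspect() {
    awk '
        NF >= 2 && $2 != "G" {
            hash = $1; status = $2
            # Rebuild the author name, which may contain spaces.
            author = ""
            for (i = 3; i <= NF; i++) author = author (i > 3 ? " " : "") $i
            printf "%s %s %s\n", status, hash, author
        }
    '
}

# Constructed sample input (hashes and names are made up).
sample_log() {
    cat <<'EOF'
1111111111111111111111111111111111111111 G Alice Example
2222222222222222222222222222222222222222 N Bob Example
3333333333333333333333333333333333333333 G Alice Example
4444444444444444444444444444444444444444 B Mallory Example
5555555555555555555555555555555555555555 E Carol Example
EOF
}

# Number of commits in the sample that need a closer look.
suspect_count() {
    sample_log | unsigned_or_suspect | wc -l | tr -d ' '
}

# In a real repository:
#   git log --format='%H %G? %an' | unsigned_or_suspect
```

A teammate's commit will show `U` rather than `G` until you have marked their public key as trusted in your keyring, so expect some `U` lines on a fresh setup.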
I hope this helps!