Introduction

Signing your GitHub commits adds an extra layer of authenticity and integrity to your codebase. In this article, we’ll explore how to sign your commits using your existing SSH key, without the need to create a separate GPG key. However, please note that SSH signature verification requires Git 2.34 or later.

Add your key to your GitHub account

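If you haven’t already done so, add your public key to your GitHub account for authentication and signing purposes: refer to the GitHub documentation on Adding a new SSH key to your GitHub account and follow the instructions provided. For GitHub to mark your commits as verified, the key has to be added there with the key type Signing Key; the same key can additionally be added as an authentication key.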

Configure your system with your SSH key as signing key

GitHub documents this step as well, on the page Telling Git about your SSH key.

To configure Git to use your SSH key as the signing key, perform the following steps:

  1. Open the Terminal.
  2. Set the gpg.format configuration to “ssh” by executing the following command:
    git config --global gpg.format ssh
    
  3. Set user.signingkey to the path of your public key, substituting the appropriate value for the placeholder path. For example, if your SSH key is located in the $HOME/.ssh/ directory, run the following command:
    git config --global user.signingkey /PATH/TO/.SSH/KEY.PUB
    

Note: You can also use the --local flag instead of --global to add the configuration only to a specific repository.

My Example

Here’s an example of configuring your system with an SSH key as the signing key:

    git config --global gpg.format ssh
    git config --global user.signingkey /Users/a418/.ssh/id_rsa.pub

Signing git commits (manually)

By following the previous steps, your system is now capable of signing commits. However, the signing process won’t happen automatically—you need to sign each commit explicitly while creating the commit message. Use the -S flag as shown in the example below:

    git commit -S -m "feat: Implemented new version of bad SKYNET"

Signing all git commits (automatically)

To configure Git to sign all your commits automatically, eliminating the need for the -S flag each time, modify the $HOME/.gitconfig file on your system as follows:

    [user]
        signingKey = /Users/a418/.ssh/id_rsa.pub
    [gpg]
        format = ssh
    [commit]
        gpgsign = true

The crucial part is the [commit] section, where the gpgsign property is set to true.
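To confirm that a gitconfig file really contains the three settings above and that the installed Git meets the 2.34 requirement, a small audit script helps. This is an added example, not part of the original article or of Git; the function names version_ge, check_git_version and audit_signing_config and the script name audit.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit a gitconfig file for the SSH signing settings shown above.

# version_ge A B: succeed when dotted version A is >= B (first three fields, numeric).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_git_version: the article states that SSH signatures need Git 2.34 or later.
check_git_version() {
    ver=$(git --version | awk '{print $3}')
    version_ge "$ver" 2.34 || { echo "FAIL: git $ver is older than 2.34"; return 1; }
}

# audit_signing_config FILE: print findings; return non-zero if signing would not work.
audit_signing_config() {
    cfg=$1 bad=0
    fmt=$(git config --file "$cfg" --get gpg.format 2>/dev/null || true)
    key=$(git config --file "$cfg" --type=path --get user.signingkey 2>/dev/null || true)
    auto=$(git config --file "$cfg" --type=bool --get commit.gpgsign 2>/dev/null || true)

    [ "$fmt" = ssh ] || { echo "FAIL: gpg.format is '${fmt:-unset}', expected 'ssh'"; bad=1; }
    if [ -z "$key" ]; then
        echo "FAIL: user.signingkey is not set"; bad=1
    elif [ ! -r "$key" ]; then
        echo "FAIL: user.signingkey points to an unreadable file: $key"; bad=1
    elif ! head -n 1 "$key" | grep -Eq '^(ssh-|ecdsa-|sk-)'; then
        # Matches the article's setup, where the setting names the .pub file.
        echo "FAIL: $key does not start with a public key type"; bad=1
    fi
    # Not an error: without this setting every commit needs the -S flag.
    [ "$auto" = true ] || echo "NOTE: commit.gpgsign is not true; sign with 'git commit -S'"
    return "$bad"
}

# Runs only when a config path is given, e.g.: sh audit.sh "$HOME/.gitconfig"
[ $# -eq 0 ] || { check_git_version && audit_signing_config "$1"; }
```

The script prints nothing and exits with status 0 when all settings are in place. It handles only a file path in user.signingkey, as used in this article.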

Configure git commit signing in IntelliJ IDEA

Note: This reflects only the current state as of IntelliJ IDEA 2023.1.2 or earlier.

As of the current IntelliJ IDEA version, there is no built-in UI for configuring commit signing with SSH. Therefore, to set up the signing key, either configure it per project or follow the global configuration steps mentioned earlier. IntelliJ IDEA automatically detects the gitconfig settings when committing.

Sources