| title | intro | redirect_from | versions | topics | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Signing commits |
You can sign commits locally using GPG, SSH, or S/MIME. |
|
|
|
{% data reusables.gpg.desktop-support-for-commit-signing %}
Tip
To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run git config commit.gpgsign true. To sign all commits by default in any local repository on your computer, run git config --global commit.gpgsign true.
To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools:
- For Mac users, the GPG Suite allows you to store your GPG key passphrase in the macOS Keychain.
- For Windows users, the Gpg4win integrates with other Windows tools.
You can also manually configure gpg-agent to save your GPG key passphrase, but this doesn't integrate with macOS Keychain like ssh-agent and requires more setup.
If you have multiple keys or are attempting to sign commits or tags with a key that doesn't match your committer identity, you should tell Git about your signing key.
-
When committing changes in your local branch, add the -S flag to the git commit command:
$ git commit -S -m "YOUR_COMMIT_MESSAGE" # Creates a signed commit
-
If you're using GPG, after you create your commit, provide the passphrase you set up when you generated your GPG key.
-
When you've finished creating commits locally, push them to your remote repository on {% data variables.product.github %}:
$ git push # Pushes your local commits to the remote repository -
On {% data variables.product.github %}, navigate to your pull request. {% data reusables.repositories.review-pr-commits %}
-
To view more detailed information about the verified signature, click Verified.
