sohang3112/gpg_sign_commits_github.md

Created December 3, 2025 12:09

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/sohang3112/a10d80c1a386e381bfe1935feb54cb90.js"></script>
Save sohang3112/a10d80c1a386e381bfe1935feb54cb90 to your computer and use it in GitHub Desktop.

Download ZIP

GitHub: Create GPG key and sign commits with it (required by some open source projects)

Raw

gpg_sign_commits_github.md

Generate new GPG key on laptop:

$ gpg --full-generate-key
$ gpg --list-secret-keys --keyid-format=long
$ gpg --armor --export GPG_KEY_ID    # get key id from prev list command - see details in above link

Copy output of last command (gpg armor export). Go to Github > Settings > SSH and GPG Keys > New GPG Key and paste it.

NOTE: To avoid hassle, I kept passphrase blank.

Sign commits with GPG Key:

$ cd /path/to/repo
$ git config commit.gpgsign true
$ git config user.signingkey GPG_SIGNING_KEY      # signing key is the "subkeys" shown in github after adding gpg key
$ git commit -m 'message'    # or to sign existing commit: git commit --amend

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

sohang3112/gpg_sign_commits_github.md

Select an option

No results found

Select an option

No results found