I opted to use an SSH key for signing, mainly because I already had one set up for cloning/pulling/pushing. It also seemed the easiest setup compared to the GPG stuff.
- Run

  ```
  git config --global gpg.format ssh
  git config --global user.signingkey ~/.ssh/<KEY_NAME>.pub
  git config --global commit.gpgsign true
  ```

  - Note: If you have multiple configs via `includeIf`, and you only want signing for specific hosts, move the newly added items in your `~/.gitconfig` to the other host-specific config file.
  - Note: If you're on Windows, the `signingkey` path should be formatted like `"C:/Users/<USER>/.ssh/<KEY_NAME>.pub"`. Surrounded in double quotes, and using forward slashes.
- Go to SSH and GPG keys
  - Click on `New SSH key`

    ```
    Title: (use the same title you used for this key previously)
    Key type: Signing Key (previously it was added only as an Authentication Key)
    Key: (paste the contents of your `.pub` key file)
    (click Add SSH Key)
    ```

  You should now have your key in the Authentication Key section (from when it was originally added), and in the Signing Key section.
- Add a new commit to a repo and push it up. You should now see the `Verified` badge on that commit.