I’ve been using Keybase.io (you can find me there as JPry) for a little while now, and it occurred to me that I really should be signing my commits with Git. So last week I decided to set that up, and it was easier than I expected.
This is the short version of what I did (approximately), and in the future I hope to make this into a more detailed tutorial:
brew cask install keybase
– Install the Keybase app using Homebrewbrew cask install gpg-suite
– Install the GPG suitekeybase pgp gen
– Create a new GPG key (I didn’t already have one)- Grab the public key using
keybase pgp export
, then feed it into GitHub. git config --global user.signingkey <my_key_ID>
– Tell my local git to use my GPG key for signinggit config --global commit.gpgsign true
– Enable GPG commit signing
What you end up with are commits that have the “Verified” label in GitHub, which is an affirmation that I was actually the one who made those commits.
Leave a Reply