I’ve been using Keybase.io (you can find me there as JPry) for a little while now, and it occurred to me that I really should be signing my commits with Git. So last week I decided to set that up, and it was easier than I expected.
This is the short version of what I did (approximately), and in the future I hope to make this into a more detailed tutorial:
brew cask install keybase– Install the Keybase app using Homebrew
brew cask install gpg-suite– Install the GPG suite
keybase pgp gen– Create a new GPG key (I didn’t already have one)
- Grab the public key using
keybase pgp export, then feed it into GitHub.
git config --global user.signingkey <my_key_ID>– Tell my local git to use my GPG key for signing
git config --global commit.gpgsign true– Enable GPG commit signing
What you end up with are commits that have the “Verified” label in GitHub, which is an affirmation that I was actually the one who made those commits.