Signing git commits gives members of the team you are working with and others depending on the software you write the confidence that the code being committed is indeed written by you and not an imposter.
After [Creating a GPG key pair][1], `git` can be configured to use the generated key to sign commits and tags, like this:

```
git config --global user.signingkey <key-id>
```

Where `<key-id>` must be the id of the key being used.
After this, there are three ways to make git sign commits:

- Add the `-S` flag on the commits you want to sign:

  ```
  git commit -a -S -m "Commit Message, That is signed"
  ```

- Configure `git` to sign all commits automatically for a particular repo:

  ```
  cd path/to/repo/needing/auto/signs
  git config commit.gpgsign true
  ```

- Configure `git` to sign all commits on all repos:

  ```
  git config --global commit.gpgsign true
  ```
Adding the key to the remote repo host (GitHub, GitLab) is also recommended.
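
To check that the settings above took effect, the following added example (not part of the original post) prints the effective signing configuration of a repository and lists every commit whose signature git does not rate as good. The function names are illustrative assumptions; `%G?` is git's own pretty-format code for signature status.

```shell
#!/bin/sh
# Added example: audit a repository for commits without a good signature.

# Print "<status> <short-hash> <subject>" for each commit in the range whose
# %G? status is not G. Codes from git's pretty-format documentation:
#   G good, B bad, U good with unknown validity, X good but expired,
#   Y made by an expired key, R made by a revoked key,
#   E cannot be checked (e.g. public key missing), N no signature.
unsigned_commits() {
    local repo range
    repo=$1
    range=${2:-HEAD}
    git -C "$repo" log --format='%G? %h %s' "$range" | awk '$1 != "G"'
}

# Print the effective signing settings (repo-level values override --global).
signing_config() {
    local repo key auto
    repo=$1
    key=$(git -C "$repo" config --get user.signingkey || true)
    auto=$(git -C "$repo" config --bool --get commit.gpgsign || echo false)
    printf 'signingkey=%s gpgsign=%s\n' "${key:-<unset>}" "$auto"
}

# Report the configuration, then fail (status 1) if any commit in the
# range lacks a good signature.
audit_repo() {
    local repo bad
    repo=$1
    signing_config "$repo"
    bad=$(unsigned_commits "$repo" "${2:-HEAD}")
    if [ -n "$bad" ]; then
        printf 'commits without a good signature:\n%s\n' "$bad"
        return 1
    fi
    echo "all commits carry a good signature"
}

# Stand-alone use: sh audit.sh path/to/repo [revision-range]
if [ "$#" -gt 0 ]; then
    audit_repo "$@"
fi
```

A status of `U` means the signature verified but the key is not trusted in the local keyring, so it is reported here as well.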
References: