Force git to sign your commits

!
Warning: This post is over 365 days old. The information may be out of date.

Since GitHub puts a nice shiny “Verified” next to your commits if you sign them with GPG, you might be wondering how to get on this bandwagon. Not to worry! With this one simple trick, you’ll never have to remember to type git -S, ever again!

Run the following (substitute your key in the second command):

git config --global commit.gpgsign true
git config --global user.signingkey <KEYHERE>

Did you forget your GPG keys?

gpg --list-keys --keyid-format short

Alternatively, check out my comprehensive GPG guide.

Troubleshooting

If git fails to sign your commit with the following error:

error: gpg failed to sign the data
fatal: failed to write commit object

This is usually due to gpg not being able to find the current shell to launch the password prompt on. To fix this problem, append the following line in your ~/.bashrc or ~/.zshrc, depending on what shell you use:

export GPG_TTY=$(tty)

I’ve also seen this error occur on Visual Studio code if the terminal window’s height is too small for the prompt. Resize the terminal to be longer and it should fix the problem.

Windows

If you are using GPG4Win to manage your GPG keys, you may need to run the following line in the terminal as well:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

This makes git use GPG4Win’s gpg.exe executable instead of the one bundled with Git for Windows.

comments