Source: cloudwithchris.medium.com
Using GPG Keys to sign Git Commits — Part 3Category: encryption, github
As a quick recap, part 1 focused on why we would consider using GPG Keys in general.
This post (part 3) focuses on using those keys as part of our usual development workflow using Git.
For these next steps to work, you will need to make sure that one of the e-mail addresses used in the GPG Key is also associated with your GitHub account.
When adding the GPG Key information to GitHub, make sure that you add the Public Key component and not the Private Key!
Assuming that the Public Key in the GPG Keys section of your GitHub account corresponds with the Private Key used to sign the commits, then you will notice that commits will be marked as verified in the GitHub user interface.
This post (part 3) focuses on using those keys as part of our usual development workflow using Git.
For these next steps to work, you will need to make sure that one of the e-mail addresses used in the GPG Key is also associated with your GitHub account.
When adding the GPG Key information to GitHub, make sure that you add the Public Key component and not the Private Key!
Assuming that the Public Key in the GPG Keys section of your GitHub account corresponds with the Private Key used to sign the commits, then you will notice that commits will be marked as verified in the GitHub user interface.
Related Articles
Community Partners
DevOps Careers