Note: GitHub Desktop only supports commit signing if your Git client is configured to sign commits by default.
Tip
To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run git config commit.gpgsign true
. To sign all commits by default in any local repository on your computer, run git config --global commit.gpgsign true
.
To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools:
- For Mac users, the GPG Suite allows you to store your GPG key passphrase in the macOS Keychain.
- For Windows users, the Gpg4win integrates with other Windows tools.
You can also manually configure gpg-agent to save your GPG key passphrase, but this doesn't integrate with macOS Keychain like ssh-agent and requires more setup.
If you have multiple keys or are attempting to sign commits or tags with a key that doesn't match your committer identity, you should tell Git about your signing key.
-
When committing changes in your local branch, add the -S flag to the git commit command:
$ git commit -S -m "YOUR_COMMIT_MESSAGE" # Creates a signed commit
-
If you're using GPG, after you create your commit, provide the passphrase you set up when you generated your GPG key.
-
When you've finished creating commits locally, push them to your remote repository on GitHub Enterprise Server:
$ git push # Pushes your local commits to the remote repository
-
On GitHub Enterprise Server, navigate to your pull request.
-
On the pull request, click Commits.
-
To view more detailed information about the verified signature, click Verified.