How to Sign Your Git Commits
And why you should do it
Even if you don’t know about signed Git commits, you might have seen the screen above on GitHub.
Let’s leave everything else aside for a moment — isn’t it oddly satisfying to have a large, green “Verified” badge on your work?
Making a commit verified or, to be more precise, signed is not as hard as you might think. Just as it sounds, a signed commit is cryptographically signed using a GPG key.
Why Sign Git Commits?
Before we get into the how, let’s talk for a moment about why you should sign your Git commits. Besides the desire to get that green “Verified” badge on your work on GitHub, there are some concrete benefits.
When you commit a change with Git, it accepts as author whatever value you want. This means you could claim to be whoever you want when you create a commit.
For example, here’s a repo I just created. As you can see, my esteemed colleague and friend @MartinWoodward from GitHub committed in it right away:
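The same behaviour can be reproduced and audited locally. The script below is an added example, not part of the original article: it creates a throwaway repository with one commit whose author is a constructed identity, then uses Git's `%G?` format placeholder to show that the commit carries no signature. The function names and the identities are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: Git records any author string it is given, and a commit
# carries no signature unless one is created explicitly.

# Build a throwaway repository containing one commit whose author is an
# arbitrary, constructed identity. Prints the repository path.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q || return 1
    echo "demo" > "$repo/file.txt"
    git -C "$repo" add file.txt
    # Constructed committer and author identities; Git verifies neither.
    GIT_COMMITTER_NAME="Local User" GIT_COMMITTER_EMAIL="local@example.com" \
    git -C "$repo" -c commit.gpgsign=false commit -q \
        --author="Someone Else <someone.else@example.com>" \
        -m "Commit attributed to another person" || return 1
    printf '%s\n' "$repo"
}

# Print "<signature status> <author name> <author email>" for every commit.
# %G? is N when the commit has no signature at all.
audit_signatures() {
    git -C "$1" log --format='%G? %an <%ae>'
}

# Count the commits that carry no signature.
count_unsigned() {
    audit_signatures "$1" | grep -c '^N '
}

demo_repo=$(make_demo_repo)
# prints: N Someone Else <someone.else@example.com>
audit_signatures "$demo_repo"
```

Running `audit_signatures` against a real repository lists every commit whose authorship rests on nothing more than the recorded name and email.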