docs/source-control/git-configuration.md
13 additions & 2 deletions
@@ -187,9 +187,19 @@ Add Git SSH key passphrase to Operating System keychain to avoid typing in the p
187
187
188
188
## Commit signing with SSH Key
189
189
190
-
Automatic signing each commit with the authors private key ensures traceability of all changes in the Git repository (prevents commit spoofing). Every company that deals with sensitive data should ensure all commits are signed to provide accountability for all code and configuration commits.
190
+
Automatically signing each commit with the authors private key ensures traceability of all changes in the Git repository (prevents commit spoofing).
191
+
192
+
Every company that deals with sensitive data should ensure all commits are signed to provide accountability for all code and configuration commits.
193
+
194
+
> [:globe_with_meridians: SEGAS-00009](https://engineering.homeoffice.gov.uk/standards/signing-code-commits/){target=_blank} is a United Kingdom Home Office engineering standard that requires all commits be signed.
195
+
196
+
A public SSH key can be registered with a GitHub account as a signing key which is used to validate commits cryptographically signed by the corresponding private key.
197
+
198
+
??? INFO "SSH Key for Authorization and Signing"
199
+
An SSH key can be registered as both an authorization key used to access a remote repository securely and a signing key to validate commits.
200
+
201
+
For extra security, use a separate SSH key for authorization and signing.
191
202
192
-
> [SEGAS-00009](https://engineering.homeoffice.gov.uk/standards/signing-code-commits/) is a United Kingdom Home Office engineering standard that requires all commits be signed.
193
203
194
204
A public SSH key can be registered with a GitHub account as a signing key which is used to validate commits cryptographically signed by the corresponding private key.
195
205
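Review bot: the paragraph added at new line 196 ("A public SSH key can be registered with a GitHub account as a signing key ...") is still present as unchanged context at new line 204, and the "For extra security, use a separate SSH key for authorization and signing." sentence added at new line 201 also remains at new line 209, so the section will render this text twice. Drop one copy, either the newly added lines 196-201 or the original block further down, in the same commit. While editing new line 190, "the authors private key" should read "the author's private key"; the removed line had the same slip and it was carried over.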
@@ -198,6 +208,7 @@ A public SSH key can be registered with a GitHub account as a signing key which
198
208
199
209
For extra security, use a separate SSH key for authorization and signing.
200
210
211
+
201
212
Use an existing SSH key to sign commits and tags, or generate a new one specifically for signing.
202
213
203
214
Configure Git client to use SSH to sign commits and tags for all local repositories.
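Review bot: the blank line added at new line 211 leaves two adjacent paragraphs that pull in different directions: new line 209 recommends a separate SSH key for authorization and signing, while new line 212 offers "Use an existing SSH key to sign commits and tags, or generate a new one" as equal options. Since the commit is already tidying this section, consider rewording line 212 so the recommended path (a dedicated signing key) comes first and reuse of an existing key is presented as the fallback, which keeps the signing guidance consistent for readers who skip the collapsed admonition.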