Do you know for sure who is committing code to your repository? Unless your team signs their code commits, the answer is probably no, because anyone can spoof a Git committer name with just a few terminal commands. The good news is that setting up Git commit signing just got waayyy easier.
We're excited to announce that 1Password now allows you to set up and use SSH keys to sign Git commits directly from 1Password. And with GitHub now offering signature verification via SSH keys, you can get that beautiful green verified badge next to your commits in seconds. No GPG keys required.
As always, we’d love to hear your thoughts and feedback.