Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Sign your Git commits with 1Password
Do you know for sure who is committing code to your repository? Unless your team signs their code commits, the answer is probably no, because anyone can spoof a Git committer name with just a few terminal commands. The good news is that setting up Git commit signing just got waayyy easier.
We're excited to announce that 1Password now allows you to set up and use SSH keys to sign Git commits directly from 1Password. And with https://github.blog/changelog/2022-08-23-ssh-commit-verification-now-supported/, you can get that beautiful green verified badge next to your commits in seconds. No GPG keys required.
https://blog.1password.com/git-commit-signing/ and https://developer.1password.com/docs/ssh/git-commit-signing to learn how to get started with Git commit signing via SSH keys in your workflows. Be sure to first update Git to version 2.34 or later.
As always, we’d love to hear your thoughts and feedback.
1 Reply
Thank you for sharing the blog post and quick start video. I was able to get the "Verified" badge on Github setup fairly quickly 😃.
Getting the git signature showing locally was more challenging though and not straight forward on Windows. In the documentation on https://developer.1password.com/docs/ssh/git-commit-signing/#step-2-register-your-public-key it was not immediately obvious to me that you had to setup both GitHub and Locally. It would be cool if the 1password app could automatically configure the global allowed_signers similar to .gitconfig. Additionally on Windows users need to https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH-Using-MSI otherwise they'll see an https://superuser.com/a/1701320. Lastly the interstitial before the Windows Hello prompt does not look very good and is a bit annoying, it seems much smoother on macOS
