Sign your Git commits with 1Password

Options
ag_tyler
ag_tyler
edited September 2022 in SSH

Do you know for sure who is committing code to your repository? Unless your team signs their code commits, the answer is probably no, because anyone can spoof a Git committer name with just a few terminal commands. The good news is that setting up Git commit signing just got waayyy easier.

We're excited to announce that 1Password now allows you to set up and use SSH keys to sign Git commits directly from 1Password. And with GitHub now offering signature verification via SSH keys, you can get that beautiful green verified badge next to your commits in seconds. No GPG keys required.

Check out this blog post and read our documentation to learn how to get started with Git commit signing via SSH keys in your workflows. Be sure to first update Git to version 2.34 or later.

As always, we’d love to hear your thoughts and feedback.

Comments

  • Khufu_I
    Khufu_I
    Community Member
    Options

    Thank you for sharing the blog post and quick start video. I was able to get the "Verified" badge on Github setup fairly quickly 😃.
    Getting the git signature showing locally was more challenging though and not straight forward on Windows. In the documentation on Step 2: Register your public key it was not immediately obvious to me that you had to setup both GitHub and Locally. It would be cool if the 1password app could automatically configure the global allowed_signers similar to .gitconfig. Additionally on Windows users need to upgrade to OpenSSH 8.6 otherwise they'll see an error Unsupported certificate option "verify-time=20220125190555". Lastly the interstitial before the Windows Hello prompt does not look very good and is a bit annoying, it seems much smoother on macOS

This discussion has been closed.