Signing Commits and Tags with GPG
Learn how to cryptographically sign your commits and tags so others can verify they truly came from you.
Why Sign Commits?
Git records an author name and email, but anyone can set those to any value. Signing proves a commit really came from you using cryptography.
How Signing Works
You hold a private key. Git attaches a signature created with that key. Others verify it with your public key, confirming authenticity and integrity.
All lessons in this course
- Securing Your Git Workflow
- Handling Sensitive Data (Git LFS)
- Best Practices for Commit Messages
- Signing Commits and Tags with GPG