This article is the last of a series I started a few weeks ago.
Here they are the previous articles
Why you should sign your commits, and not only how.
Christophe Colombier ・ Apr 26
#github
#git
#security
#privacy
Git: The complete guide to sign your commits with an SSH key
Christophe Colombier ・ Apr 7
#git
#ssh
#tutorial
This article is about how configuring GitHub to validate your commits and get the verified badge. So I assume you have followed the previous tutorial and you now have a public SSH key and you already activated the SSH signing on git. So your commits are signed now. (Please refer to previous article if you didn't yet.) And we are about to tell GitHub that this signature is yours.
Once you have a public SSH key, it's pretty easy:
- Go to GitHub
- click on your profile photo in the upper-right corner, and select Settings.
- In the sidebar, click on SSH and GPG keys.
- Click on New SSH key or Add SSH key.
- In the Title field, add a descriptive label for the key (e.g., "Personal laptop").
- select "Signing Key" in the key type. ⚠️⚠️⚠️
- Paste your public key into the Key field. You must paste the content of the file in
.pub
file extension. - Click Add SSH key to save the key to your GitHub account.
- And that's it. Your signed commits will be verified on GitHub.
I noticed a few delay between the activation and the badge displays