I just finished securing my GitHub workflow by setting up verified commits using Kleopatra and followed this awesome guide: YouTube Verified Commits on GitHub from Windows PC

Why verified commits?
Having a green checkmark next to your commits on GitHub isn't just for show. It tells everyone that your changes are coming from a trusted source, adding an extra layer of security to your projects. This is especially important for open-source contributions or collaborative work.

Kleopatra to the rescue!
Kleopatra is a fantastic tool for managing GPG keys on Windows. The video walks you through the entire process, from installing GPG4Win (which includes Kleopatra) to generating your key and configuring it with GitHub.

My experience:
Overall, the process was smooth sailing. The guide provides clear instructions, and using Kleopatra made managing the keys a breeze. Now I can push my commits with confidence, knowing they're cryptographically signed and verifiable.

Feeling secure?
If you're looking to add some extra security to your GitHub workflow, I highly recommend checking out verified commits with Kleopatra. It's a worthwhile investment for any developer!

P.S.
Have any of you tried verified commits before? Let me know your thoughts in the comments!