
200 level workshop for Git Merge 2022 around signing and verifying commits and tags with SSH keys.


git-merge-workshops/simplify-signing-with-ssh


Simplify signing Git commits and tags with SSH keys

@andyfeller

📣 Prerequisites | 💡 Motivation | 🎒 Exercises | 🚀 Beyond | 📚 Resources

In this workshop, participants learn how to sign Git commits and tags using the new OpenSSH signing feature. This is an alternative to the traditional method of signing with GPG, where maintaining keys can be somewhat cumbersome.

Note: This workshop was originally presented at Git Merge 2022.

Simplify signing Git commits and tags with SSH keys [Workshop] - Git Merge 2022

📣 Prerequisites

🎒 Exercises

  1. Setup workstation
  2. Signing and verifying commits
  3. Signing and verifying merges
  4. Signing and verifying tags
  5. Signing past commits and tags

🚀 Beyond

  1. 🤔 Author opinion: Enterprise challenges
  2. 🪙 bitcoin/bitcoin verify-commits

    Tooling for verification of PGP signed commits

    This is an incomplete work in progress, but currently includes a pre-push hook script (pre-push-hook.sh) for maintainers to ensure that their own commits are PGP signed (nearly always merge commits), as well as a Python 3 script to verify commits against a trusted keys list.

  3. 💻 andyfeller/gh-ssh-allowed-signers

    A gh extension to generate SSH allowed users file from GitHub users' signing keys.

  4. 🎉 Vendor support
  5. 🔑 1password "Sign your Git commits with 1Password"

    We’re excited to announce that 1Password now allows you to set up and use SSH keys to sign Git commits. And with GitHub supporting SSH key signing as well, you can get that verified badge next to your username in seconds. No GPG keys required.

📚 Resources

✨ Thanks

This effort couldn't have happened without the support from many people, so thank you to the following who helped throughout the creation of this workshop:

@ppremk @leereilly @bval @aaronkowall @bestra @apdarr @evgenyrahman @vcsjones @ashishkeshan @lumaxis @milemons @abelberhane @katiem0 @kevfoste @allthedoll
