Git Sign Commits With SSH#

First, make sure that your pubkey is present in Gitlab.

Get the MD5 hash of your key file:

ssh-keygen -Emd5 -lf ~/.ssh/ | rg '.*MD5:(\S+) .*' -r '$1'

In Gitlab, navigate to Profile > SSH Keys, e.g. -/profile/keys, and look for the above md5 hash.

Next, tell git to always sign with your SSH key:

git config --global gpg.format ssh
git config --global user.signingkey ~/.ssh/
git config --global commit.gpgsign true

Use a global allowed_signers file to verify commits locally:

touch ~/.ssh/allowed_signers
git config gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
echo "$(git config --get namespaces=\"git\" $(cat ~/.ssh/" >> ~/.ssh/allowed_signers

In some repo:

git commit
git log --show-signature