Sign commits and tags with SSH keys
In Bitbucket Data Center, you can use personal SSH keys not only to access a Bitbucket instance but also to sign your commits and tags.
Prerequisites
Here’s what you need to start signing your commits and tags with SSH keys:
Git version 2.34 or later
OpenSSH 8.0 or later
A personal SSH key added to your Bitbucket account to sign your tags and commits. If you don’t yet have an SSH key to use, learn how to create it and add it to your account.
Configure Git
If you would like to configure signing your commits and tags with SSH keys globally for all repositories, follow the steps from the Global configuration section below. If you would like to configure signing your commits and tags with SSH keys locally for a single repository, follow the steps from the Local configuration section below.
Global configuration
You first need to tell git that you’re going to use an SSH key for signing commits:
git config --global gpg.format ssh
Next, specify the SSH key that you wish to sign commits and tags with:
git config --global user.signingkey ~/.ssh/<name_of_ssh_key>.pub
Local configuration
You first need to tell git that you’re going to use an SSH key for signing commits. Run the following commands in the directory of the repository for which you want to enable commit and tag signing with SSH keys:
git config gpg.format ssh
Next, specify the SSH key that you wish to sign commits and tags with:
git config user.signingkey ~/.ssh/<name_of_ssh_key>.pub
Sign commits
To sign a single commit, add the -S flag when making a commit:
git commit -S -m "My signed commit"
If you want to sign all commits for a single repository by default, run the following command in a directory within the repository:
git config commit.gpgsign true
If you want to enable the setting for all repositories, you can run this command from anywhere on your computer:
git config --global commit.gpgsign true
Sign tags
To sign a tag, add the -s flag when making a tag:
git tag -s my-signed-tag