Setup GPG to sign commits within SourceTree
Purpose
This page aims to explain how to setup GPG to sign commits within SourceTree.
Solution
- Install GPGTools https://gpgtools.org
- Create or import a GPG key
SourceTree Only
- Open the Repository/Repository Settings dialog
- Open the Security tab
- Check "Enable GPG key signing for commits"
- Select your preferred key.
- When next committing, check the "Sign Commit" "Commit Option"
- Open the Repository/Repository Settings dialog
Command line Git
The automatically signing your git commits page provides a guide to setup commit signing when using command line Git.
Check that the commits are now signed
If SourceTree is correctly configured to sign commits, when committing a file you see the following screens:
The
-c gpg.program=/Applications/SourceTree.app/Contents/Resources/bin/stgpg.sh commit -q --gpg-sign=FAE3579EEA1C6363
command line options identify a signed Git commit:git -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree -c gpg.program=/Applications/SourceTree.app/Contents/Resources/bin/stgpg.sh commit -q --gpg-sign=FAE3579EEA1C6363 -F /var/folders/jw/5wfdcdr137q_hh1jw5nzcyvw0000gp/T/SourceTreeTemp.LiStAR