Purpose

This page aims to explain how to setup GPG to sign commits within SourceTree.

Solution

• Install GPGTools https://gpgtools.org
• Create or import a GPG key

  • SourceTree Only

    • Open the Repository/Repository Settings dialog
      
    • Open the Security tab
      1. Check "Enable GPG key signing for commits"
      2. Select your preferred key.
         
    • When next committing, check the "Sign Commit" "Commit Option"
      

  • Command line Git

    • The automatically signing your git commits page provides a guide to setup commit signing when using command line Git.

       

• Check that the commits are now signed

  • If SourceTree is correctly configured to sign commits, when committing a file you see the following screens:

    

    

    The -c gpg.program=/Applications/SourceTree.app/Contents/Resources/bin/stgpg.sh commit -q --gpg-sign=FAE3579EEA1C6363 command line options identify a signed Git commit:

    git -c diff.mnemonicprefix=false -c core.quotepath=false -c credential.helper=sourcetree -c gpg.program=/Applications/SourceTree.app/Contents/Resources/bin/stgpg.sh commit -q --gpg-sign=FAE3579EEA1C6363 -F /var/folders/jw/5wfdcdr137q_hh1jw5nzcyvw0000gp/T/SourceTreeTemp.LiStAR