| CARVIEW |
Select Language
HTTP/2 301
content-length: 0
location: https://docs.github.com/articles/signing-commits-with-gpg/
HTTP/2 301
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data: 'unsafe-inline';script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
location: /articles/signing-commits-with-gpg
content-type: text/plain; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: F50F:3B04CF:9F3647:D37E4A:68E9AF27
accept-ranges: bytes
age: 0
date: Sat, 11 Oct 2025 01:13:12 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210073-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1760145191.939652,VS0,VE1365
vary: Accept
strict-transport-security: max-age=31557600
content-length: 68
HTTP/2 302
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data: 'unsafe-inline';script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
location: /en/authentication/managing-commit-signature-verification
content-type: text/plain; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: 5933:273DE9:99A8C1:CE12B3:68E9AF28
accept-ranges: bytes
age: 0
date: Sat, 11 Oct 2025 01:13:13 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210073-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1760145192.320569,VS0,VE1274
vary: accept-language, x-user-language, Accept
strict-transport-security: max-age=31557600
content-length: 79
HTTP/2 200
access-control-allow-origin: *
content-security-policy: default-src 'none';prefetch-src 'self';connect-src 'self';font-src 'self' data:;img-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com data: placehold.it;object-src 'self';script-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' data: 'unsafe-inline';script-src-attr 'self';frame-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com https://support.github.com https://www.youtube-nocookie.com;frame-ancestors 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com;style-src 'self' github.com *.github.com *.githubusercontent.com *.githubassets.com 'self' 'unsafe-inline' data:;child-src 'self';manifest-src 'self';upgrade-insecure-requests;base-uri 'self';form-action 'self'
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
cache-control: public, max-age=60
x-powered-by: Next.js
content-type: text/html; charset=utf-8
x-github-backend: Kubernetes
x-github-request-id: D77E:332D3B:9FC32F:D41569:68E9AF00
content-encoding: gzip
accept-ranges: bytes
age: 1
date: Sat, 11 Oct 2025 01:13:14 GMT
via: 1.1 varnish
x-served-by: cache-bom-vanm7210073-BOM
x-cache: MISS
x-cache-hits: 0
x-timer: S1760145194.608212,VS0,VE1283
vary: Accept-Encoding
strict-transport-security: max-age=31557600
content-length: 18749
Managing commit signature verification - GitHub Docs
Skip to main content
GitHub Docs
Search or ask Copilot
Select language: current language is English
Search or ask Copilot
Open menu
Open Sidebar
Managing commit signature verification
GitHub will verify GPG, SSH, or S/MIME signatures so other people will know that your commits come from a trusted source. GitHub will automatically sign commits you make using the web interface.
About commit signature verification
Using GPG, SSH, or S/MIME, you can sign tags and commits locally. These tags or commits are marked as verified on GitHub so other people can be confident that the changes come from a trusted source.
Displaying verification statuses for all of your commits
You can enable vigilant mode for commit signature verification to mark all of your commits and tags with a signature verification status.
Checking for existing GPG keys
Before you generate a GPG key, you can check to see if you have any existing GPG keys.
Generating a new GPG key
If you don't have an existing GPG key, you can generate a new GPG key to use for signing commits and tags.
Adding a GPG key to your GitHub account
To configure your account on GitHub to use your new (or existing) GPG key, you'll also need to add the key to your account.
Telling Git about your signing key
To sign commits locally, you need to inform Git that there's a GPG, SSH, or X.509 key you'd like to use.
Associating an email with your GPG key
Your GPG key must be associated with a verified email that matches your committer identity.
Signing commits
You can sign commits locally using GPG, SSH, or S/MIME.
Signing tags
You can sign tags locally using GPG, SSH, or S/MIME.