
How do I configure git to always sign tags?

A few repositories I use require all tags to be signed, and sometimes I forget to add the -s to git tag, or even worse, I create the tag using a git GUI that has no idea about tags.

Is there a way to configure Git to always sign tags?

I should mention that I tried adding the hack(s) below to .gitconfig, but they didn't have any effect: tags were created without signing unless I manually specified -s on the CLI.

    [alias]
        tag = tag -s

    [tag]
        forceSignAnnotated = true

    [commit]
        gpgsign = true
sorin asked Jun 01 '18 15:06


2 Answers

Update for Git 2.23 (Q3 2019), you now have git config tag.gpgSign true!


Original answer (June 2018)

While there is no "signed by default" mode for git tag, the documentation mentions:

Once you have a private key to sign with, you can configure Git to use it for signing things by setting the user.signingkey config setting.

git config --global user.signingkey 0A46826A

By default, git tag in sign-with-default mode (-s) will use your committer identity (of the form Your Name <your@email.address>) to find a key.
If you want to use a different default key, you can specify it in the repository configuration as follows:

[user]
    signingKey = <gpg-keyid>

Note: if you create your tag with the -m option (tag -m "a comment" myTag), that makes it annotated.

From git tag man page:

If -m <msg> or -F <file> is given and -a, -s, and -u <keyid> are absent, -a is implied.

So you could:

  • not define an alias for git tag (not add -s)
  • set from terminal git config tag.forceSignAnnotated true

That way, any git tag -m "a comment" myTag will trigger the gpgSign.
That applies only to annotated tags, but since those are the ones which are supposed to be not just local to your repo but also pushed, that should be enough.

VonC answered Oct 08 '22 16:10


    [alias]
        tag = tag -s

You cannot override a builtin command with an alias. Use a different name for the alias:

    [alias]
        stag = tag -s

As for

    [tag]
        forceSignAnnotated = true

this forces annotated tags to be signed but you have to create annotated tags with git tag -a which is not much better than git tag -s.

phd answered Oct 08 '22 15:10
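
An added example (not from either answer, and not Git's own code): a POSIX shell helper that reports which of the settings discussed above actually takes effect for a plain `git tag` in a repository, including the ignored `tag` alias from the question. The function names and the mode labels `always`, `annotated-only` and `manual` are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not Git's own code. Function names and mode labels are assumptions.

# Succeeds if version string $1 (e.g. "2.39.2") is 2.23 or newer,
# the release the answer above names for tag.gpgSign.
supports_tag_gpgsign() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 23 ]; }
}

# Print "true"/"false" for boolean config key $2 in repo $1, or nothing if unset.
cfg_bool() {
    git -C "$1" config --bool --get "$2" 2>/dev/null || true
}

# tag_signing_mode REPO [GIT_VERSION]
#   always         - tag.gpgSign is true and this Git honours it
#   annotated-only - tag.forceSignAnnotated is true: tags that become annotated
#                    implicitly (-m / -F) are signed; per git-config(1) an
#                    explicit --annotate takes precedence over this setting
#   manual         - nothing signs unless -s or -u is passed
tag_signing_mode() {
    repo=$1
    ver=${2:-$(git version | awk '{print $3}')}
    if [ "$(cfg_bool "$repo" tag.gpgSign)" = true ] && supports_tag_gpgsign "$ver"; then
        echo always
    elif [ "$(cfg_bool "$repo" tag.forceSignAnnotated)" = true ]; then
        echo annotated-only
    else
        echo manual
    fi
}

# Succeeds if an alias named "tag" is configured. Git ignores aliases that
# hide built-in commands, so such an alias never adds -s.
has_ignored_tag_alias() {
    git -C "$1" config --get alias.tag >/dev/null 2>&1
}
```

Source the file and run `tag_signing_mode .` inside a repository. It reports configuration only; `git tag -v <name>` remains the check that a given tag actually carries a valid signature.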