Few repositories I use require all tags to be signed and sometimes I forget to add the -s to git tag, or even worse, I create the tag using a git GUI that has no idea about tags.
Is there a way to configure Git to always sign tags?
I mention that I tried adding the below hack(s) to .gitconfig but it didn't have any effect; tags were created without signing unless I manually mentioned the -s on the CLI.
[alias]
tag = tag -s
[tag]
forceSignAnnotated = true
[commit]
gpgsign = true
To sign all commits by default in any local repository on your computer, run git config --global commit.gpgsign true.
Once you have a private key to sign with, you can configure Git to use it for signing things by setting the user.signingkey config setting. $ git config --global user.signingkey 0A46826A!
Tags are refs that point to specific points in Git history. Tagging is generally used to capture a point in history that is used for a marked version release (i.e. v1.0.1). A tag is like a branch that doesn't change.
Update for Git 2.23 (Q3 2019), you now have git config tag.gpgSign true!
Original answer (June 2018)
While there is no "signed by default" mode for git tag, the documentation mentions:
Once you have a private key to sign with, you can configure Git to use it for signing things by setting the user.signingkey config setting.
git config --global user.signingkey 0A46826A
By default, git tag in sign-with-default mode (-s) will use your committer identity (of the form Your Name <[email protected]>) to find a key.
If you want to use a different default key, you can specify it in the repository configuration as follows:
[user]
signingKey = <gpg-keyid>
Note: if you create your tag with the -m option (tag -m "a comment" myTag), that makes them annotated.
From git tag man page:
If -m <msg> or -F <file> is given and -a, -s, and -u <keyid> are absent, -a is implied.
So you could:
add -s
)git config tag.forceSignAnnotated true
That way, any git tag -m "a comment" myTag will trigger the gpgSign.
Only for annotated tags, but since those are the ones which are supposed to be not just local to your repo but also pushed, that should be enough.
[alias]
tag = tag -s
You cannot override a builtin command with an alias. Use a different name for the alias:
[alias]
stag = tag -s
As for
[tag]
forceSignAnnotated = true
this forces annotated tags to be signed but you have to create annotated tags with git tag -a which is not much better than git tag -s.
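Since the settings discussed above only affect tags created through git tag on a configured machine, a check before pushing catches tags made without -s or by a GUI. The following is an added example, not code from the question or either answer; unsigned_tags is a hypothetical helper name, and it only detects whether a signature block is present, not whether it is valid.

```shell
#!/bin/sh
# Added example: report tags that carry no signature block.
# unsigned_tags is a hypothetical helper, not a git command.
# Usage: unsigned_tags [path-to-repo]   (defaults to the current directory)
# Output: one line per offending tag, "<name> lightweight" or
#         "<name> annotated-unsigned". No output means every tag has a
#         signature block.
unsigned_tags() {
    repo=${1:-.}
    git -C "$repo" for-each-ref --format='%(refname) %(objecttype)' refs/tags |
    while read -r ref type; do
        name=${ref#refs/tags/}
        if [ "$type" != "tag" ]; then
            # A lightweight tag is only a ref to a commit. There is no tag
            # object, so there is nothing a signature could be attached to.
            echo "$name lightweight"
        elif ! git -C "$repo" cat-file tag "$ref" |
               grep -q -e '^-----BEGIN PGP SIGNATURE-----' \
                       -e '^-----BEGIN PGP MESSAGE-----' \
                       -e '^-----BEGIN SSH SIGNATURE-----' \
                       -e '^-----BEGIN SIGNED MESSAGE-----'; then
            # Annotated tag object whose body has no OpenPGP, SSH or X.509
            # signature marker: created with -a or -m but without -s.
            echo "$name annotated-unsigned"
        fi
    done
    # Presence of a block is not proof of a good signature; validate the
    # remaining tags with: git tag -v <name>
}
```

Called from a pre-push hook or a CI job, any output from the function can be treated as a failure; git tag -v remains the check for whether a signature actually verifies.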