This guide will walk you through the process of generating a GPG key, exporting it, adding it to your GitLab account, and configuring Git to use the key for signing commits.
-
Make the GPG script executable:
chmod +x /path/to/gpg-key.sh
This command makes the
gpg-key.sh
script executable, allowing it to be run as a program. -
Generate the GPG key:
gpg --batch --generate-key gpg-key.sh
Generates a GPG key using the parameters specified in the
gpg-key.sh
script. This key will be used for signing your Git commits.
-
Export your public GPG key:
gpg --armor --export [email protected]
Exports your public GPG key in an armored format, which is suitable for sharing or adding to services like GitLab.
-
Copy the public key output:
- The exported key will be displayed in the terminal, looking something like this:
-----BEGIN PGP PUBLIC KEY BLOCK----- ... -----END PGP PUBLIC KEY BLOCK-----
Copy this entire block, as you will need it in the next step.
- Log in to your GitLab account:
- Go to your GitLab profile settings.
- Navigate to the "GPG Keys" section.
- Paste the public key you copied in the previous step into the "Add GPG Key" field.
- Save the key to link it with your GitLab account.
-
List your GPG secret keys to find your key ID:
gpg --list-secret-keys --keyid-format LONG
This command lists all your secret GPG keys along with their associated IDs.
-
Identify your GPG key ID:
- Look for the key ID, which appears as a long string after
sec
, for example,70EEA4815B3FB9ED
.
- Look for the key ID, which appears as a long string after
-
Configure Git to use your GPG key:
git config --global user.signingkey 70EEA4815B3FB9ED
Sets your GPG key as the default key for signing commits in Git.
-
Set Git to sign all commits by default:
git config --global commit.gpgSign true
This configuration ensures that all your commits are signed automatically with your GPG key.
-
Amend your last commit to include a GPG signature:
git commit --amend --no-edit -S
If you’ve already made a commit and forgot to sign it, this command allows you to amend the last commit by adding your GPG signature.
-
Push your signed commit to GitLab:
git push origin your-branch:your-branch
Pushes your signed commit to the specified branch on your GitLab repository.
By following these steps, you will successfully generate a GPG key, export it, and configure Git to sign your commits with this key. Signing commits enhances the security and authenticity of your contributions.
- Common Issue: If you encounter errors during GPG key generation, ensure that the
gpg-key.sh
script is executable and correctly formatted. Verify that all required parameters are properly set within the script.