GitHub Vigilant Mode Setup
Setting up GitHub’s vigilant mode
- Create GPG key

      gpg --full-generate-key

  - Pick RSA
  - Enter a key size of at least 4096
  - Default expiration
  - Enter your git config --global user.name value
  - Enter your git config --global user.email value
  - Add a comment describing it as GitHub or similar
- Add the key to GitHub
  - Retrieve the key ID and copy it into the clipboard.
  - Run the following and grab the key ID on the ssb line.

      ❯ gpg --list-secret-keys --keyid-format=long dan@danielms.site
      sec   rsa4096/XXXXXXXXXXXXXXXX 2022-04-15 [SC]
            XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
      uid                 [ultimate] Daniel Michaels <dan@danielms.site>
      ssb   rsa4096/XXXXXXXXXXXXXX8B 2022-04-15 [E]   <-- copy after rsa4096/

  GitHub expects the Private key file so next retrieve it using

      gpg --armor --export XXXXXXXXXXXXXX8B

  Copy the output to the clipboard.
  Paste it into the GPG keys page inside GitHub using their guide.
- Ensure your commits (and tags) are signed

  The easiest way is to set up every commit as signed, lest you forget to sign a commit.

      git config --global commit.gpgsign true
      git config --global user.signingkey ABCDEF01

  (where ABCDEF01 is the fingerprint of the key to use)

      git config --global alias.logs "log --show-signature"

  (now available as $ git logs)
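
The bracketed letters in the key listing are capability flags (S sign, C certify, E encrypt, A authenticate), and user.signingkey has to name a key that carries S. The following is an added example, not part of the original post: it parses the --keyid-format=long listing format and returns the long ID of the first signing-capable key. The sample listing and its IDs are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: read capability flags from
# `gpg --list-secret-keys --keyid-format=long` output.

# Constructed sample listing; the IDs are made up, not real keys.
sample_listing() {
  cat <<'EOF'
sec   rsa4096/1111AAAA2222BBBB 2022-04-15 [SC] [expires: 2024-04-15]
      0000111122223333444455556666777788889999
uid                 [ultimate] Example User <user@example.com>
ssb   rsa4096/3333CCCC4444DDDD 2022-04-15 [E] [expires: 2024-04-15]
EOF
}

# Print "<record> <long-id> <caps>" for each secret key or subkey line.
# The record may carry gpg's "#" or ">" marker (secret part offline / on card).
list_key_caps() {
  awk '$1 ~ /^(sec|ssb)[#>]?$/ {
    split($2, algo_id, "/")              # rsa4096/ID -> algo_id[2] = ID
    caps = ""
    for (i = 3; i <= NF; i++)            # skips the date and [expires: ...]
      if ($i ~ /^\[[SCEA]+\]$/) { caps = substr($i, 2, length($i) - 2); break }
    if (caps != "") print $1, algo_id[2], caps
  }'
}

# Long ID of the first key that can sign (S); prints nothing if none can.
signing_key_id() {
  list_key_caps | awk '$3 ~ /S/ { print $2; exit }'
}

# Demo on the constructed sample. With a real keyring, pipe gpg in instead:
#   gpg --list-secret-keys --keyid-format=long user@example.com | signing_key_id
sample_listing | list_key_caps
echo "signing key: $(sample_listing | signing_key_id)"
```
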
Copying GPG key between devices
If you have more than one device and do not want to have several keys but instead use the same key across all devices, there are a few steps.

    # confirm the secret key exists on the source device
    gpg --list-secret-keys user@example.com
    # export the secret key to a file
    gpg --export-secret-keys user@example.com > private.key

Copy the key to the device using scp or similar and then install it into the gpg keychain.

    gpg --import private.key

is touted to work; however, this did not work for me on Ubuntu 20.04. Instead, I found

    gpg --batch --import private.key

worked as expected.
Deleting tags
If you’re like me and push tags without signing them first (fixed by following the above guide) how do you delete them?
# delete local tag '12345'
git tag -d 12345
# delete remote tag
git push --delete origin tagName
This is a quick down and dirty on setting up GPG keys, git and GitHub.