git-commit-signing
Configure and manage git commit signing per repository with the correct user identity and signing method (GPG, SSH, or S/MIME). Use when setting up commit signing for a new repo, switching identities between work/personal projects, troubleshooting signing failures, or enforcing signed commits across a team.
Best use case
git-commit-signing is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Configure and manage git commit signing per repository with the correct user identity and signing method (GPG, SSH, or S/MIME). Use when setting up commit signing for a new repo, switching identities between work/personal projects, troubleshooting signing failures, or enforcing signed commits across a team.
Teams using git-commit-signing should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/git-commit-signing/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How git-commit-signing Compares
| Feature / Agent | git-commit-signing | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Configure and manage git commit signing per repository with the correct user identity and signing method (GPG, SSH, or S/MIME). Use when setting up commit signing for a new repo, switching identities between work/personal projects, troubleshooting signing failures, or enforcing signed commits across a team.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Git Commit Signing
Set up and manage cryptographic commit signing with the right identity for every repository.
## Quick Start
1) **Detect context** — determine the repository remote, associated identity, and preferred signing method.
2) **Configure identity** — set `user.name` and `user.email` at the repo level (not global) to avoid cross-contamination.
3) **Configure signing** — choose GPG, SSH, or S/MIME and point git at the correct key.
4) **Verify** — make a test signed commit or tag and confirm it verifies cleanly.
## Workflow
### 1) Identify the repository context
```bash
# Show current repo remote + identity
git remote -v
git config user.name
git config user.email
git config commit.gpgsign
git config gpg.format
```
Determine from the remote URL whether this is a **personal**, **work**, or **open-source** project and select the matching identity.
### 2) Configure user identity (per-repo)
Always set identity at the **local** (repo) level to prevent leaking the wrong email:
```bash
git config --local user.name "Your Name"
git config --local user.email "you@example.com"
```
### 3) Enable commit signing
#### Option A — GPG signing (default, widest platform support)
```bash
# List available GPG keys
gpg --list-secret-keys --keyid-format=long
# Configure git to use GPG
git config --local gpg.format openpgp
git config --local user.signingkey <KEY-ID>
git config --local commit.gpgsign true
git config --local tag.gpgsign true
# (Optional) tell git where gpg lives
git config --local gpg.program "gpg" # Linux/macOS
git config --local gpg.program "gpg.exe" # Windows — or full path
```
#### Option B — SSH signing (simple, no extra tooling if you already use SSH keys)
```bash
# List available SSH keys
ls -la ~/.ssh/*.pub
# Configure git to use SSH signing
git config --local gpg.format ssh
git config --local user.signingkey ~/.ssh/id_ed25519.pub # path to your PUBLIC key
git config --local commit.gpgsign true
git config --local tag.gpgsign true
# (Recommended) set allowed-signers for local verification
echo "you@example.com $(cat ~/.ssh/id_ed25519.pub)" >> ~/.config/git/allowed_signers
git config --local gpg.ssh.allowedSignersFile ~/.config/git/allowed_signers
```
#### Option C — S/MIME signing (corporate PKI environments)
```bash
git config --local gpg.format x509
git config --local user.signingkey <CERTIFICATE-ID>
git config --local commit.gpgsign true
git config --local tag.gpgsign true
```
### 4) Verify the configuration
```bash
# Create a signed test commit
echo "test" >> .git/signing-test && git add .git/signing-test
git commit --allow-empty -S -m "chore: test commit signing"
# Verify the signature
git log --show-signature -1
# Clean up
git reset --soft HEAD~1
```
### 5) Multi-identity management with includeIf
For developers who contribute to many repos under different identities, use **conditional includes** in `~/.gitconfig`:
```gitconfig
# ~/.gitconfig (global)
[user]
name = Default Name
email = default@example.com
# Work repos live under ~/work/
[includeIf "gitdir:~/work/"]
path = ~/.gitconfig-work
# Personal repos live under ~/personal/
[includeIf "gitdir:~/personal/"]
path = ~/.gitconfig-personal
```
```gitconfig
# ~/.gitconfig-work
[user]
name = Work Name
email = you@company.com
signingkey = <WORK-KEY-ID>
[commit]
gpgsign = true
[gpg]
format = openpgp
```
```gitconfig
# ~/.gitconfig-personal
[user]
name = Personal Name
email = you@personal.com
signingkey = ~/.ssh/id_ed25519.pub
[commit]
gpgsign = true
[gpg]
format = ssh
```
## Guardrails
- **Never set signing identity globally** unless you only have one identity — prefer `--local` or `includeIf`.
- **Never commit a private key** — signing keys reference public key paths (SSH) or key IDs (GPG/S/MIME).
- **Pin the GPG/SSH program path** on Windows to avoid PATH issues (`gpg.program` / `gpg.ssh.program`).
- **Test after setup** — always verify with `git log --show-signature -1`.
- **Register your public key** with your forge (GitHub → Settings → SSH and GPG keys, GitLab → User Settings → GPG/SSH Keys).
## Scripts
Configure signing for the current repo interactively:
```bash
bash scripts/configure_signing.sh
```
PowerShell equivalent for Windows:
```powershell
pwsh scripts/configure_signing.ps1
```
Verify that the current repo's signing is working:
```bash
bash scripts/verify_signing.sh
```
## References
- Signing methods comparison and troubleshooting: `references/signing-methods.md`Related Skills
git-commit-helper
Help craft clear, conventional commits. Use when preparing commit messages, organizing changes into commits, or documenting intent and scope for code changes.
skill-installer
Install Codex skills into $CODEX_HOME/skills from a curated list or a GitHub repo path. Use when a user asks to list installable skills, install a curated skill, or install a skill from another repo (including private repos).
skill-creator
Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Codex's capabilities with specialized knowledge, workflows, or tool integrations.
jwebmp-webawesome
WebAwesome icon integration for JWebMP — modern, open-source icon library. Provides 1,500+ icons with solid/regular styles, sizing, rotation, animation, and CSS utilities. Drop-in FontAwesome alternative with fresh designs. Use when working with WebAwesome icons, modern icon designs, or as FontAwesome alternative in JWebMP applications.
jwebmp-webawesome-pro
WebAwesome Pro integration for JWebMP with premium icons and features. Extends jwebmp-webawesome with additional styles, premium icons, and advanced features. Use when working with WebAwesome Pro icons or premium WebAwesome features in JWebMP applications.
jwebmp-weather-icons
Weather Icons font library for JWebMP providing weather icon fonts. Use when displaying weather-related icons.
jwebmp-waypoints
Waypoints jQuery plugin for JWebMP triggering functions when elements enter the viewport. Use when implementing scroll-based interactions and animations.
jwebmp-waves-effect
Waves material design ripple effect for JWebMP creating Material Design click ripples on elements. Use when adding Material Design interaction effects.
jwebmp-vertx
Portable connector between JWebMP and Vert.x 5 powered by GuicedEE. Provides automatic page routing, AJAX event pipeline, data component servlet, CSS endpoint, site-loader script, WebSocket broadcasting via event bus, user-agent detection, and call-scope integration. Use when working with JWebMP Vert.x integration, HTTP routing, AJAX handling, WebSocket communication, or building reactive web applications with JWebMP.
jwebmp-tsclient
TypeScript client generation for JWebMP plugins. Provides annotations and utilities for generating TypeScript interfaces, components, services, and modules from Java code. Supports @TsDependency, @TsDevDependency, @NgComponent, @NgDataService, @NgRestClient annotations. Use when creating JWebMP plugins that generate TypeScript code, defining npm dependencies, building Angular-integrated components, or generating typed Angular REST client services.
jwebmp-toastr
Toastr jQuery notification plugin integration for JWebMP displaying non-blocking toast notifications. Use when showing transient user notifications and alerts.
jwebmp-themify-icons
Themify Icons font library for JWebMP providing a comprehensive icon font collection. Use when adding Themify icons to projects.