git-commit-signing

Configure and manage git commit signing per repository with the correct user identity and signing method (GPG, SSH, or S/MIME). Use when setting up commit signing for a new repo, switching identities between work/personal projects, troubleshooting signing failures, or enforcing signed commits across a team.

5 stars

Best use case

git-commit-signing is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Configure and manage git commit signing per repository with the correct user identity and signing method (GPG, SSH, or S/MIME). Use when setting up commit signing for a new repo, switching identities between work/personal projects, troubleshooting signing failures, or enforcing signed commits across a team.

Teams using git-commit-signing should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/git-commit-signing/SKILL.md --create-dirs "https://raw.githubusercontent.com/GuicedEE/ai-rules/main/skills/.curated/git-commit-signing/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/git-commit-signing/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How git-commit-signing Compares

Feature / Agentgit-commit-signingStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Configure and manage git commit signing per repository with the correct user identity and signing method (GPG, SSH, or S/MIME). Use when setting up commit signing for a new repo, switching identities between work/personal projects, troubleshooting signing failures, or enforcing signed commits across a team.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Git Commit Signing

Set up and manage cryptographic commit signing with the right identity for every repository.

## Quick Start

1) **Detect context** — determine the repository remote, associated identity, and preferred signing method.
2) **Configure identity** — set `user.name` and `user.email` at the repo level (not global) to avoid cross-contamination.
3) **Configure signing** — choose GPG, SSH, or S/MIME and point git at the correct key.
4) **Verify** — make a test signed commit or tag and confirm it verifies cleanly.

## Workflow

### 1) Identify the repository context

```bash
# Show current repo remote + identity
git remote -v
git config user.name
git config user.email
git config commit.gpgsign
git config gpg.format
```

Determine from the remote URL whether this is a **personal**, **work**, or **open-source** project and select the matching identity.

### 2) Configure user identity (per-repo)

Always set identity at the **local** (repo) level to prevent leaking the wrong email:

```bash
git config --local user.name  "Your Name"
git config --local user.email "you@example.com"
```

### 3) Enable commit signing

#### Option A — GPG signing (default, widest platform support)

```bash
# List available GPG keys
gpg --list-secret-keys --keyid-format=long

# Configure git to use GPG
git config --local gpg.format openpgp
git config --local user.signingkey <KEY-ID>
git config --local commit.gpgsign true
git config --local tag.gpgsign true

# (Optional) tell git where gpg lives
git config --local gpg.program "gpg"          # Linux/macOS
git config --local gpg.program "gpg.exe"      # Windows — or full path
```

#### Option B — SSH signing (simple, no extra tooling if you already use SSH keys)

```bash
# List available SSH keys
ls -la ~/.ssh/*.pub

# Configure git to use SSH signing
git config --local gpg.format ssh
git config --local user.signingkey ~/.ssh/id_ed25519.pub   # path to your PUBLIC key
git config --local commit.gpgsign true
git config --local tag.gpgsign true

# (Recommended) set allowed-signers for local verification
echo "you@example.com $(cat ~/.ssh/id_ed25519.pub)" >> ~/.config/git/allowed_signers
git config --local gpg.ssh.allowedSignersFile ~/.config/git/allowed_signers
```

#### Option C — S/MIME signing (corporate PKI environments)

```bash
git config --local gpg.format x509
git config --local user.signingkey <CERTIFICATE-ID>
git config --local commit.gpgsign true
git config --local tag.gpgsign true
```

### 4) Verify the configuration

```bash
# Create a signed test commit
echo "test" >> .git/signing-test && git add .git/signing-test
git commit --allow-empty -S -m "chore: test commit signing"

# Verify the signature
git log --show-signature -1

# Clean up
git reset --soft HEAD~1
```

### 5) Multi-identity management with includeIf

For developers who contribute to many repos under different identities, use **conditional includes** in `~/.gitconfig`:

```gitconfig
# ~/.gitconfig  (global)
[user]
    name = Default Name
    email = default@example.com

# Work repos live under ~/work/
[includeIf "gitdir:~/work/"]
    path = ~/.gitconfig-work

# Personal repos live under ~/personal/
[includeIf "gitdir:~/personal/"]
    path = ~/.gitconfig-personal
```

```gitconfig
# ~/.gitconfig-work
[user]
    name = Work Name
    email = you@company.com
    signingkey = <WORK-KEY-ID>
[commit]
    gpgsign = true
[gpg]
    format = openpgp
```

```gitconfig
# ~/.gitconfig-personal
[user]
    name = Personal Name
    email = you@personal.com
    signingkey = ~/.ssh/id_ed25519.pub
[commit]
    gpgsign = true
[gpg]
    format = ssh
```

## Guardrails

- **Never set signing identity globally** unless you only have one identity — prefer `--local` or `includeIf`.
- **Never commit a private key** — signing keys reference public key paths (SSH) or key IDs (GPG/S/MIME).
- **Pin the GPG/SSH program path** on Windows to avoid PATH issues (`gpg.program` / `gpg.ssh.program`).
- **Test after setup** — always verify with `git log --show-signature -1`.
- **Register your public key** with your forge (GitHub → Settings → SSH and GPG keys, GitLab → User Settings → GPG/SSH Keys).

## Scripts

Configure signing for the current repo interactively:
```bash
bash scripts/configure_signing.sh
```

PowerShell equivalent for Windows:
```powershell
pwsh scripts/configure_signing.ps1
```

Verify that the current repo's signing is working:
```bash
bash scripts/verify_signing.sh
```

## References

- Signing methods comparison and troubleshooting: `references/signing-methods.md`

Related Skills

git-commit-helper

5
from GuicedEE/ai-rules

Help craft clear, conventional commits. Use when preparing commit messages, organizing changes into commits, or documenting intent and scope for code changes.

skill-installer

5
from GuicedEE/ai-rules

Install Codex skills into $CODEX_HOME/skills from a curated list or a GitHub repo path. Use when a user asks to list installable skills, install a curated skill, or install a skill from another repo (including private repos).

skill-creator

5
from GuicedEE/ai-rules

Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Codex's capabilities with specialized knowledge, workflows, or tool integrations.

jwebmp-webawesome

5
from GuicedEE/ai-rules

WebAwesome icon integration for JWebMP — modern, open-source icon library. Provides 1,500+ icons with solid/regular styles, sizing, rotation, animation, and CSS utilities. Drop-in FontAwesome alternative with fresh designs. Use when working with WebAwesome icons, modern icon designs, or as FontAwesome alternative in JWebMP applications.

jwebmp-webawesome-pro

5
from GuicedEE/ai-rules

WebAwesome Pro integration for JWebMP with premium icons and features. Extends jwebmp-webawesome with additional styles, premium icons, and advanced features. Use when working with WebAwesome Pro icons or premium WebAwesome features in JWebMP applications.

jwebmp-weather-icons

5
from GuicedEE/ai-rules

Weather Icons font library for JWebMP providing weather icon fonts. Use when displaying weather-related icons.

jwebmp-waypoints

5
from GuicedEE/ai-rules

Waypoints jQuery plugin for JWebMP triggering functions when elements enter the viewport. Use when implementing scroll-based interactions and animations.

jwebmp-waves-effect

5
from GuicedEE/ai-rules

Waves material design ripple effect for JWebMP creating Material Design click ripples on elements. Use when adding Material Design interaction effects.

jwebmp-vertx

5
from GuicedEE/ai-rules

Portable connector between JWebMP and Vert.x 5 powered by GuicedEE. Provides automatic page routing, AJAX event pipeline, data component servlet, CSS endpoint, site-loader script, WebSocket broadcasting via event bus, user-agent detection, and call-scope integration. Use when working with JWebMP Vert.x integration, HTTP routing, AJAX handling, WebSocket communication, or building reactive web applications with JWebMP.

jwebmp-tsclient

5
from GuicedEE/ai-rules

TypeScript client generation for JWebMP plugins. Provides annotations and utilities for generating TypeScript interfaces, components, services, and modules from Java code. Supports @TsDependency, @TsDevDependency, @NgComponent, @NgDataService, @NgRestClient annotations. Use when creating JWebMP plugins that generate TypeScript code, defining npm dependencies, building Angular-integrated components, or generating typed Angular REST client services.

jwebmp-toastr

5
from GuicedEE/ai-rules

Toastr jQuery notification plugin integration for JWebMP displaying non-blocking toast notifications. Use when showing transient user notifications and alerts.

jwebmp-themify-icons

5
from GuicedEE/ai-rules

Themify Icons font library for JWebMP providing a comprehensive icon font collection. Use when adding Themify icons to projects.