4.2 KiB
title, shortTitle, intro, versions, type, topics, permissions
| title | shortTitle | intro | versions | type | topics | permissions | |||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Configuring web commit signing | Configure web commit signing | You can enable auto-signing of commits made in the web interface of {% data variables.product.product_name %}. |
|
how_to |
|
Site administrators can configure web commit signing for {% data variables.location.product_location %}. |
About web commit signing
If you enable web commit signing, {% data variables.product.product_name %} will automatically use GPG to sign commits users make on the web interface of {% data variables.location.product_location %}. Commits signed by {% data variables.product.product_name %} will have a verified status. For more information, see "AUTOTITLE."
You can enable web commit signing, rotate the private key used for web commit signing, and disable web commit signing.
Enabling web commit signing
{% data reusables.enterprise_site_admin_settings.create-pgp-key-web-commit-signing %}
- Use
web-flowas the username. Ifweb-flowis unavailable or unusable, use any new unique username. Use this username throughout the following steps in this article. - If you have a no-reply email address defined in the {% data variables.enterprise.management_console %}, use that email address. If not, use any email address, such as
web-flow@my-company.com. The email address does not need to be valid. {% data reusables.enterprise_site_admin_settings.pgp-key-no-passphrase %} {% data reusables.enterprise_site_admin_settings.pgp-key-env-variable %} {% data reusables.enterprise_site_admin_settings.update-commit-signing-service %}
-
Enable web commit signing.
ghe-config app.github.web-commit-signing-enabled true -
Apply the configuration, then wait for the configuration run to complete.
ghe-config-apply -
Create a new user on {% data variables.location.product_location %} via built-in authentication or external authentication. For more information, see "AUTOTITLE."
- The user's username must be the same username you used when creating the PGP key in step 1 above, for example,
web-flow. - The user's email address must be the same address you used when creating the PGP key. {% data reusables.enterprise_site_admin_settings.add-key-to-web-flow-user %} {% data reusables.enterprise_site_admin_settings.email-settings %}
- The user's username must be the same username you used when creating the PGP key in step 1 above, for example,
-
Under "No-reply email address", type the same email address you used when creating the PGP key.
{% note %}
Note: The "No-reply email address" field will only be displayed if you've enabled email for {% data variables.location.product_location %}. For more information, see "AUTOTITLE."
{% endnote %} {% data reusables.enterprise_management_console.save-settings %}
Rotating the private key used for web commit signing
{% data reusables.enterprise_site_admin_settings.create-pgp-key-web-commit-signing %}
- Use the web commit signing user's username, for example,
web-flow. - Use the no-reply email address defined in the {% data variables.enterprise.management_console %}, which should be the same as the email address of the web commit signing user, for example,
web-flow. {% data reusables.enterprise_site_admin_settings.pgp-key-no-passphrase %} {% data reusables.enterprise_site_admin_settings.pgp-key-env-variable %} {% data reusables.enterprise_site_admin_settings.update-commit-signing-service %} {% data reusables.enterprise_site_admin_settings.add-key-to-web-flow-user %}
Disabling web commit signing
You can disable web commit signing for {% data variables.location.product_location %}.
-
In the administrative shell, run the following command.
ghe-config app.github.web-commit-signing-enabled false -
Apply the configuration.
ghe-config-apply