Install GPG tools
- Install GPG tools and setup pin entry by running:
brew install gnupg pinentry-mac mkdir -m 700 -p ~/.gnupg echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf killall gpg-agent
Generate a new GPG key
- Generate a new GPG keu by running the following command and follow the prompts. Pressing enter applies decent defaults for the key parameters except for your name, email, and passphrase.
- Note the key id which should be seen in the following log message after completing the generation:
gpg: key 3A35A6B4086B043E marked as ultimately trusted
Add key to GitHub
- Copy the public key into your clipboard by running:
gpg --armor --export <KEY_ID_FROM_STEP_2.2> | pbcopy
- Paste the public key into GitHub under Profile photo in upper-right corner > Settings > SSH and GPG Keys > New GPG key. Then click add GPG key. See the official GitHub docs if needed: https://help.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account
Add key to Git config
- Setup Git and pinentry config to sign your commits by default by running:
git config --global user.signingkey <KEY_ID_FROM_STEP_2.2> git config --global commit.gpgsign true git config --global gpg.program gpg
Setup SourceTree to sign your commits
- Symlink GPG to be GPG2 by running:
ln -s /usr/local/bin/gpg /usr/local/bin/gpg2
- In SourceTree under Preferences > Advanced, set the GPG Program to:
/usr/local/bin. You may need to press
Command+Shift+Dotto show hidden files.
Ta-da! Commits in SourceTree and in git should now be automatically signed with your GPG key.