Skip to content

Instantly share code, notes, and snippets.

Last active August 29, 2023 20:29
  • Star 40 You must be signed in to star a gist
  • Fork 7 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
How to setup GPG for signing commits with Git, SourceTree, and GitHub on Mac

How to setup GPG for signing commits with Git, SourceTree, and GitHub on Mac

  1. Install GPG tools

    1. Install GPG tools and setup pin entry by running:
    brew install gnupg pinentry-mac
    mkdir -m 700 -p ~/.gnupg
    echo "pinentry-program /usr/local/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf
    killall gpg-agent
  2. Generate a new GPG key

    1. Generate a new GPG keu by running the following command and follow the prompts. Pressing enter applies decent defaults for the key parameters except for your name, email, and passphrase.
    gpg --full-generate-key
    1. Note the key id which should be seen in the following log message after completing the generation:
    gpg: key 3A35A6B4086B043E marked as ultimately trusted
  3. Add key to GitHub

    1. Copy the public key into your clipboard by running:
    gpg --armor --export <KEY_ID_FROM_STEP_2.2> | pbcopy
    1. Paste the public key into GitHub under Profile photo in upper-right corner > Settings > SSH and GPG Keys > New GPG key. Then click add GPG key. See the official GitHub docs if needed:
  4. Add key to Git config

    1. Setup Git and pinentry config to sign your commits by default by running:
    git config --global user.signingkey <KEY_ID_FROM_STEP_2.2>
    git config --global commit.gpgsign true
    git config --global gpg.program gpg
  5. Setup SourceTree to sign your commits

    1. Symlink GPG to be GPG2 by running:
    ln -s /usr/local/bin/gpg /usr/local/bin/gpg2
    1. In SourceTree under Preferences > Advanced, set the GPG Program to: /usr/local/bin. You may need to press Command+Shift+Dot to show hidden files.

Ta-da! Commits in SourceTree and in git should now be automatically signed with your GPG key.

Copy link

demonar commented Sep 27, 2021

Leaving a comment for people having issues after they upgrade and update homebrew, you must run brew unlink gpg && brew link gpg if gpg gets broken.

Copy link

aberkunov commented Mar 24, 2022

On more recent systems like M1 macs:

echo "pinentry-program /opt/homebrew/bin/pinentry-mac" >> ~/.gnupg/gpg-agent.conf 
killall gpg-agent


ln -s /opt/homebrew/Cellar/gnupg/2.3.4/bin/gpg /usr/local/bin/gpg2

Copy link

Updated version, to this date:

ln -s /opt/homebrew/Cellar/gnupg/2.4.3/bin/gpg /usr/local/bin/gpg2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment