Skip to content
GitLab Next
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • GitLab GitLab
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 44,089
    • Issues 44,089
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
    • Requirements
  • Merge requests 1,304
    • Merge requests 1,304
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Packages & Registries
    • Packages & Registries
    • Package Registry
    • Container Registry
    • Infrastructure Registry
  • Monitor
    • Monitor
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Code review
    • Insights
    • Issue
    • Repository
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • GitLab.orgGitLab.org
  • GitLabGitLab
  • Issues
  • #19185
Closed
Open
Created Aug 17, 2017 by Thomas Grainger@graingert0 of 4 checklist items completed0/4 checklist items

Automated/web commits (merge or web IDE commits) should be OpenPGP signed

Description

I want all the commits in my repo to be signed. However automated commits run by gitlab are not signed.

Proposal

At first boot gitlab should generate a Curve25519 OpenPGP key and use that key to sign all commits.

It should not be possible to upload a new OpenPGP key. New keys should only be generated on the machine that uses them

Links / references

Documentation blurb

Overview

What is it? Automated commits are signed by gitlab Why should someone use this feature? so that all commits are signed What is the underlying (business) problem? I want all commits in my repos to be signed. How do you use this feature? it's automatic, or you can override the OpenPGP key generation.

Use cases

This is for people who want all commits to be signed.

Feature checklist

Make sure these are completed before closing the issue, with a link to the relevant commit.

  • Feature assurance
  • Documentation
  • Added to features.yml
  • auto generated key must be ed25519

Customers

https://gitlab.my.salesforce.com/0016100001CXro6

Edited Jan 22, 2021 by Thomas Grainger
Assignee
Assign to
Time tracking