Sign commits with your SSH key
Release notes
Signing commits just got a lot simpler. Use SSH keys to sign commits, and provide others with confidence that a Verified commit was authored by you.
Previous methods for signing commits required a GPG key or an X.509 certificate, neither of which can be used to sign in to GitLab. Adding support for commit signing with SSH keys now makes it possible to reuse your authentication key pair to also sign your commits. If you already authenticate into GitLab with an SSH key, add three lines of code to your local Git configuration and all your future commits will be signed.
By default, all SSH keys currently in your profile can be used for both authentication and signing commits. To use a key for only one of the purposes, upload a new key.
https://docs.gitlab.com/ee/user/project/repository/ssh_signed_commits/
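The local configuration described above, as an added example (not GitLab's own code) that signs a commit in a throwaway repository and checks the result locally. It needs Git 2.34 or later and `ssh-keygen`; the key, the identity `dev@example.com`, and all paths are constructed for the demo.

```shell
#!/bin/sh
# Added example: sign and verify a commit with an SSH key in a scratch repo.
# Prints the %G? status of a signed and an unsigned commit, e.g. "G N".
demo_ssh_signing() (
  set -e
  dir=$(mktemp -d)
  # Ignore the caller's own Git settings so the run is reproducible.
  export GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_NOSYSTEM=1

  # Constructed throwaway key; on a real machine reuse the key in your profile.
  ssh-keygen -q -t ed25519 -N '' -C 'dev@example.com' -f "$dir/id_ed25519"

  git init -q "$dir/repo"
  cd "$dir/repo"
  git config user.name 'Example Dev'
  git config user.email 'dev@example.com'

  # The three signing settings (add --global to apply them to every repo).
  # The private key path works without ssh-agent; a .pub path can be used
  # when the agent holds the private half.
  git config gpg.format ssh
  git config user.signingkey "$dir/id_ed25519"
  git config commit.gpgsign true

  # Local verification needs a list of trusted keys. namespaces="git" limits
  # this key to Git signatures, so it cannot vouch for other signed data.
  printf 'dev@example.com namespaces="git" %s\n' \
    "$(cut -d' ' -f1,2 "$dir/id_ed25519.pub")" > "$dir/allowed_signers"
  git config gpg.ssh.allowedSignersFile "$dir/allowed_signers"

  git commit -q --allow-empty -m 'signed commit'
  signed=$(git log -1 --format='%G?')      # G = good signature, trusted key

  git -c commit.gpgsign=false commit -q --allow-empty -m 'unsigned commit'
  unsigned=$(git log -1 --format='%G?')    # N = no signature

  cd /
  rm -rf "$dir"
  echo "$signed $unsigned"
)
```

Without `gpg.ssh.allowedSignersFile`, Git can still create the signature but cannot verify it locally.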
Problem to solve
As a developer, I don't want to have to manage separate keys for SSH git access and commit signing (or even use GPG at all, if we're being honest). I already have SSH keys set up for git access, and by using the same keys for commit signatures, I can get signed commits
Context
The ability to sign commits with SSH keys is now available in git 2.34. We should add support for SSH signing for signed commits.
Intended users
Who will use this feature? If known, include any of the following: types of users (e.g. Developer), personas, or specific company roles (e.g. Release Manager). It's okay to write "Unknown" and fill this field in later.
Personas are described at https://about.gitlab.com/handbook/marketing/product-marketing/roles-personas/
Proposal
- Add SSH commit signatures
- Allow existing SSH public keys to be used for verifying them
Related issues
- We added support for x509 signatures a year ago in #29782 (closed)
Implementation Plan
- Create a new signature model (`app/models/commit_signatures/ssh_signature.rb`)
- Update `app/models/key.rb` to be related to an SshSignature. (How to handle key revocation?)
- Create a new commit type (`lib/gitlab/ssh/commit.rb`)
- Update the signature methods in `app/models/commit.rb` to handle ssh signatures & commits
- Update `app/services/git/branch_hooks_service.rb` and `app/workers/create_commit_signature_worker.rb` to process SSH signatures when new commits are pushed