Last active
April 25, 2025 13:12
Revisions
- JP Lew revised this gist Dec 19, 2019. No changes.
- JP Lew renamed this gist Dec 19, 2019. 1 changed file with 0 additions and 0 deletions. File renamed without changes.
- JP Lew revised this gist Dec 19, 2019. No changes.
- JP Lew renamed this gist Dec 19, 2019. 1 changed file with 0 additions and 0 deletions. File renamed without changes.
- JP Lew created this gist Dec 19, 2019.
@@ -0,0 +1,170 @@ # Set up Keybase.io, GPG & Git to sign commits on Gitlab This is a step-by-step guide on how to create a GPG key on [keybase.io](https://keybase.io), adding it to a local GPG setup and use it with Git and Gitlab. This guide is a fork of: https://github.com/pstadler/keybase-gpg-github ## Requirements 1. Install Homebrew: https://brew.sh 2. Install GPG CLI: ```sh $ brew install gpg ``` 3. Install Keybase: ```sh $ brew cask install keybase ``` 4. You should now have both the keycloak CLI and the Keybase desktop app (`/Applications/Keybase`). Open the Keybase app, create an account and sign in. ## Add your public SSH key to Gitlab: 1. Visit https://git.cto.ai/profile/keys 2. Generate new SSH keys: ```sh $ ssh-keygen -o -t rsa -b 4096 -C "[email protected]" ``` 3. Copy your public SSH key to your clipboard: ```sh cat ~/.ssh/id_rsa.pub | pbcopy ``` 4. Paste and save. 5. Test that this worked by cloning a repo: ```sh $ git clone ssh://[email protected]:2224/myproject/myrepo.git` ``` This should succeed if you are a member of the repo. Reference: https://docs.gitlab.com/ee/ssh/ ## Create a new GPG key using the Keybase CLI 1. Generate a new PGP key and write it to your local secret keychain: ```sh $ keybase pgp gen --multi # Enter your real name, which will be publicly visible in your new key: Patrick Stadler # Enter a public email address for your key: [email protected] # Enter another email address (or <enter> when done): # Push an encrypted copy of your new secret key to the Keybase.io server? [Y/n] Y # ▶ INFO PGP User ID: Patrick Stadler <[email protected]> [primary] # ▶ INFO Generating primary key (4096 bits) # ▶ INFO Generating encryption subkey (4096 bits) # ▶ INFO Generated new PGP key: # ▶ INFO user: Patrick Stadler <[email protected]> # ▶ INFO 4096-bit RSA key, ID CB86A866E870EE00, created 2016-04-06 # ▶ INFO Exported new key to the local GPG keychain ``` You will be prompted to set a passphrase. 
Create a strong, 31-character password using your Keychain Access app (see reference image above). Enter it twice to confirm. Since you will likely need it again, store this password somewhere secure, like as a Secure Note in Keychain Access, or in a password manager like LastPass. ## Set up Git to sign all commits 1. Obtain your signing key via the GPG CLI: ```sh $ gpg --list-secret-keys --keyid-format LONG /Users/jplew/.gnupg/pubring.kbx ------------------------------- sec rsa4096/C8AB98F11Y123456 2018-06-02 [SC] [expires: 2034-05-29] B21DBAB6AA037F5641504A8CC2DB56E29C562080 uid [ unknown] JP Lew <[email protected]> ssb rsa4096/ZZ1Z1234556FAPPO 2018-06-02 [E] [expires: 2034-05-29] ``` Your `signingkey` is the 16-character string on the `sec` line, following `rsa4096/`. 2. Add your signing key and user info to your global Git config file. To do this this, you can either: - Open `~/.gitconfig` in your text editor of choice - Open it in your default \$EDITOR: `git config --global --edit` - Use the Git CLI: ``` $ git config --global user.name "JP Lew" $ git config --global user.email [email protected] $ git config --global user.signingkey C8AB98F11Y123456 $ git config --global commit.gpgsign true ``` The final product should look like this: ``` [user] name = JP Lew email = [email protected] signingkey = C8AB98F11Y123456 username = jplew [commit] gpgsign = true ``` ## Add your public GPG key to Gitlab 1. Visit https://git.cto.ai/profile/gpg_keys 2. Copy your public key to your clipboard by running: ```sh $ keybase pgp export -q C8AB98F11Y123456 | pbcopy ``` Make sure you use your actual signing key. 3. Paste your key and save. 4. Test that this worked by signing a git commit and submitting a merge request. ```sh $ cd myrepo $ git checkout -b jplew-testbranch $ git touch newfile.txt $ git add . $ git commit -m "make a GPG signed commit" $ git push -u origin jplew-testbranch ``` 5. If you are allowed to create a merge request, it worked. 
Reference: https://docs.gitlab.com/ee/user/project/repository/gpg_signed_commits ### Optional: Manage your GPG keys using GPG Suite Install the GPG Suite, available from [gpgtools.org](https://gpgtools.org/#gpgsuite), or from brew by running: ```sh $ brew cask install gpg-suite ``` Once installed, open Spotlight and search for "GPGPreferences", or open system preferences and select "GPGPreferences" Select the Default Key if it is not already selected, and ensure "Store in OS X Keychain" is checked (see reference image above): The `gpg-agent.conf` is different from Method 1: Set up the agent: ```sh $ $EDITOR ~/.gnupg/gpg-agent.conf # GPG Suite should pre-populate with something similar to the following: default-cache-ttl 600 max-cache-ttl 7200 ```
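Review bot: Step 5 of "Add your public GPG key to Gitlab" treats being allowed to create a merge request as proof that signing works, but nothing in steps 4 and 5 looks at the signature, and whether an unsigned commit would be refused depends on server-side policy the guide does not describe. Suggest replacing step 5 with a check of the signature itself, for example `git log --show-signature -1` after the commit, plus confirming that Gitlab shows the pushed commit as verified. In the same step 4 block, `$ git touch newfile.txt` is not a Git command and will fail; it should be plain `touch newfile.txt`. Smaller points in the added text: Requirements step 4 says "keycloak CLI" where the Keybase CLI was installed; the `git clone` line in the SSH section ends with a stray backtick after `myrepo.git`, which leaves the shell waiting for a closing quote if pasted; "To do this this" has a doubled word; and "see reference image above" and "different from Method 1" point at an image and a method that do not appear in this file, so they should be dropped or the missing material restored.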