SSH Certificates for signing commits #55204
Unanswered
lpcalisi
asked this question in
Enterprise
Replies: 2 comments 2 replies
-
|
git 2.34 supports sign & verificate commits with SSH certificates.
$ git show --show-signature
commit 2ab6a304e0dc763f06bf6e3e469dd57bca95d812 (HEAD -> ssh-ca-sign)
Good "git" signature for lcalisi with RSA-CERT key SHA256:mm8XrAmALO+oSCmTM/aXaKVH4tzyuFa70vubXeQn5PM
Author: Lucas
Date: Thu May 11 23:19:57 2023 -0300
sign with ephemeral SSH certificate |
Beta Was this translation helpful? Give feedback.
1 reply
-
Beta Was this translation helpful? Give feedback.
-
|
This is a thing, you just have to add the ssh key again as a |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
It doesn't accept the |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Question
Select Feature Area
Body
Does using SSH certificates for signing commits make sense?
By now, we have the possibility to authenticate to Github Enterprise (from git) using SSH certificates, but .. if you want to sign commits with strong authentication, you will need some tool that provides, for example short term x509 certificates (like sigstore)
I think supports SSH certificates as an authentication and sign method would be an opportunity to provide authentication and integrity in a single way.
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions