How to Get "Verified" Commits on GitHub

To have your commits verified on GitHub, which shows a "Verified" badge next to your commits, means that the commits were signed with a GPG or S/MIME key that GitHub recognizes.

This verifies ownership and author of the commits.

Here’s a simplified step-by-step tutorial for getting your commits verified on GitHub.

Install GPG

We will create a GPG key; to do that, you'll need to download GPG. Here's how:

  • Windows: Download and install GPG from GnuPG's official website.
  • MacOS: Use Homebrew by running brew install gpg.
  • Linux: GPG is usually pre-installed. If not, install it using your package manager, e.g., sudo apt-get install gnupg for Ubuntu/Debian.

Generate a New GPG Key

  1. Open a terminal or command prompt.
  2. Generate a new GPG key pair by running: gpg --full-generate-key.
  3. Follow the prompts to select the key type, size, expiration, and confirm your name and email address.

Note: Make sure your email should matches your GitHub email.

Export Your GPG Key

  1. After generating your key, list your GPG keys by running:
gpg --list-secret-keys --keyid-format=long`
  1. You'll see an output that includes a key ID. It's the part after the / in the sec line. Example: sec rsa4096/1234ABCD5678EFGH 2023-01-01 [SC].

  2. Now that you have the ID, you can export your key using the following:

gpg --armor --export INSERT_YOUR_ID

This command will output your GPG public key. Copy everything from -----BEGIN PGP PUBLIC KEY BLOCK----- to -----END PGP PUBLIC KEY BLOCK-----. You'll need this in the next step:

Add GPG Key to GitHub

  1. Here's the URL to create a new GPG key:
  2. Paste your GPG public key into the text area.
  3. Click "Add GPG key" to save.

If this is your only GPG key, you are ready to go!

If you have multiple keys, you must set the default one with git. Grab your ID from earlier and use the following:

git config --global user.signingkey INSERT_YOUR_ID

Now, every commit you make using git commit will be signed and, when pushed to GitHub, will show as "Verified".

Avatar for Niall Maher

Written by Niall Maher

Founder of Codú - The web developer community! I've worked in nearly every corner of technology businesses; Lead Developer, Software Architect, Product Manager, CTO and now happily a Founder.


Fetching comments

Hey! 👋

Got something to say?

or to leave a comment.