GitHub Community
How to resolve the "unverified" commit field in my projects github.com repository using sigstore? #68427
Replies: 1 comment
-
|
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Select Topic Area
Question
Body
Hi github community!
I've started signing git commits with sigstore using accounts.google.com to create the commit signing key. With git verify-commit HEAD, locally, it states good signature, however when I look at the commit in my project repository it states "unverified" .. so github needs a key to verify the commit, do I need to configure the sigstore key manually in my github.com settings? If so, how do I get that key sigstore created for me? Or is there another way to have github verify the signing key using sigstore?
Does anyone have any experience with this with some tips?
Thank you in advance,
Kind regards,
Matthew
Beta Was this translation helpful? Give feedback.
All reactions