Configuring Signed Commits on Paradime with SSH Keys

This guide explains how to set up SSH key-based commit signing on Paradime, which enhances the security and verification of your Git commits.

Why Sign Your Commits?

Signing your commits verifies that you are the author of your code changes and helps maintain the integrity of your codebase by preventing commit spoofing.

Prerequisites

  • Paradime IDE access

  • Git repository initialized in your Paradime workspace

  • GitHub account (for adding your signing key)

Setup Instructions

Step 1: Create the Setup Script

In your Paradime IDE, create a new file called setup_git_signed_commits.sh with the following content:

#!/bin/bash

# Function to check if we're in a git repository
check_git_repo() {
    if ! git rev-parse --git-dir > /dev/null 2>&1; then
        echo "Error: Not a git repository"
        exit 1
    fi
}

# Function to generate SSH key
generate_ssh_key() {
    local key_comment=$1
    
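    if [ -f ~/.ssh/git_signing_key ]; then
        echo "Warning: SSH key git_signing_key already exists"
        read -p "Do you want to overwrite it? (y/n) " -n 1 -r
        echo
        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
            echo "Aborting..."
            exit 1
        fi
        # Remove the old key pair so ssh-keygen does not ask to overwrite again
        rm -f ~/.ssh/git_signing_key ~/.ssh/git_signing_key.pub
    fi
    
    # -N "" creates the key without a passphrase; stop if key generation fails
    ssh-keygen -t ed25519 -C "$key_comment" -f ~/.ssh/git_signing_key -N "" || exit 1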
    
    # Set correct permissions
    chmod 600 ~/.ssh/git_signing_key
    chmod 644 ~/.ssh/git_signing_key.pub
}

# Function to configure git
configure_git() {
    echo -e "\nSetting local git configuration to use the generated signing key.."
    
    git config gpg.format ssh
    git config user.signingkey "~/.ssh/git_signing_key.pub"
    git config commit.gpgsign true
    
    echo -e "Git configuration complete!\n\n"
}

# Function to display public key
display_key() {
    echo "Here's your public key to add to GitHub:"
    echo "----------------------------------------"
    cat ~/.ssh/git_signing_key.pub
    echo "----------------------------------------"
    echo "Add this key to GitHub by visiting: https://github.com/settings/keys"
    echo "Make sure to choose the key type as 'Signing Key' when adding it. Once done, your setup is complete."
}

# Main script
main() {
    check_git_repo
    
    # Get user input
    read -r -p "Enter a comment for your key (e.g., your name, email, etc): " key_comment
    
    # Setup steps
    generate_ssh_key "$key_comment"
    configure_git
    display_key
}

# Run main function
main

Step 2: Make the Script Executable

Open your Paradime terminal and run the following command to make the script executable:

chmod +x setup_git_signed_commits.sh

Step 3: Run the Setup Script

Execute the script by running:

./setup_git_signed_commits.sh

When prompted, enter a comment for your key (typically your name and email address).

Step 4: Add Your Signing Key to GitHub

  1. Copy the public key that is displayed in the terminal output

  2. Go to your GitHub account settings: https://github.com/settings/keys

  3. Click "New SSH key"

  4. Choose "Signing Key" as the key type

  5. Paste your public key in the provided field

  6. Give your key a descriptive title

  7. Click "Add SSH key"

Step 5: Verification

Your setup is now complete! Every new commit you make in this repository will be automatically signed with your SSH key.

You can verify a signed commit by viewing it on GitHub, where you should see a "Verified" badge next to properly signed commits.
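
Local verification of the setup above, as an added example that is not part of the original page or Paradime's own code: git only verifies SSH signatures against a file named by gpg.ssh.allowedSignersFile, so a signed commit still fails `git verify-commit` until the public key is listed there. The function names, the allowed_signers location inside the git directory and the demo@example.com principal are assumptions of this example.

```shell
#!/bin/bash
# Added example (not Paradime's code): verify SSH-signed commits locally.

# Print one allowed-signers entry: <principal> namespaces="git" <keytype> <key>
allowed_signers_line() {
    local principal="$1" pubkey_file="$2" key_type="" key_data="" rest=""
    read -r key_type key_data rest < "$pubkey_file" || true
    if [ -z "$key_type" ] || [ -z "$key_data" ]; then
        echo "Error: $pubkey_file does not look like an SSH public key" >&2
        return 1
    fi
    printf '%s namespaces="git" %s %s\n' "$principal" "$key_type" "$key_data"
}

# Trust a key for the current repository only. Keeping the file inside the
# git directory is an assumption of this example, not a git requirement.
trust_signing_key() {
    local line signers_file
    line=$(allowed_signers_line "$1" "$2") || return 1
    signers_file="$(git rev-parse --absolute-git-dir)/allowed_signers"
    grep -qxF -- "$line" "$signers_file" 2>/dev/null || echo "$line" >> "$signers_file"
    git config gpg.ssh.allowedSignersFile "$signers_file"
}

# Exit status 0 only for a good signature from a key in the allowed-signers file.
verify_commit() {
    git verify-commit "${1:-HEAD}"
}

# Constructed sample: throwaway key and repository, configured as in Step 1.
demo() (
    dir=$(mktemp -d) || exit 1
    ssh-keygen -q -t ed25519 -C "demo" -f "$dir/key" -N "" || exit 1
    git init -q "$dir/repo" && cd "$dir/repo" || exit 1
    git config user.name "Demo User"
    git config user.email "demo@example.com"
    git config gpg.format ssh
    git config user.signingkey "$dir/key.pub"
    git config commit.gpgsign true
    git commit -q --allow-empty -m "signed commit" || exit 1
    # Signed, but no key is trusted yet, so verification must fail.
    if verify_commit HEAD 2>/dev/null; then exit 1; fi
    trust_signing_key "demo@example.com" "$dir/key.pub" || exit 1
    verify_commit HEAD
)

if [ "${1:-}" = "--demo" ]; then demo; fi
```

In a real workspace, run trust_signing_key with your own email and ~/.ssh/git_signing_key.pub once, then verify_commit HEAD; SSH signing and verification need Git 2.34 or later.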
