Configuring Signed Commits on Paradime with SSH Keys

This guide explains how to set up SSH key-based commit signing on Paradime, which enhances the security and verification of your Git commits.

Why Sign Your Commits?

Signing your commits verifies that you are the author of your code changes and helps maintain the integrity of your codebase by preventing commit spoofing.

Prerequisites

Paradime IDE access
Git repository initialized in your Paradime workspace
GitHub account (for adding your signing key)

Setup Instructions

Step 1: Create the Setup Script

In your Paradime IDE, create a new file called setup_git_signed_commits.sh with the following content:

#!/bin/bash

# Function to check if we're in a git repository
check_git_repo() {
    if ! git rev-parse --git-dir > /dev/null 2>&1; then
        echo "Error: Not a git repository"
        exit 1
    fi
}

# Function to generate SSH key
generate_ssh_key() {
    local key_comment=$1
    
    if [ -f ~/.ssh/git_signing_key ]; then
        echo "Warning: SSH key git_signing_key already exists"
        read -p "Do you want to overwrite it? (y/n) " -n 1 -r
        echo
        if [[ ! $REPLY =~ ^[Yy]$ ]]; then
            echo "Aborting..."
            exit 1
        fi
    fi
    
    ssh-keygen -t ed25519 -C "$key_comment" -f ~/.ssh/git_signing_key -N ""
    
    # Set correct permissions
    chmod 600 ~/.ssh/git_signing_key
    chmod 644 ~/.ssh/git_signing_key.pub
}

# Function to configure git
configure_git() {
    echo -e "\nSetting local git configuration to use the generated signing key.."
    
    git config gpg.format ssh
    git config user.signingkey "~/.ssh/git_signing_key.pub"
    git config commit.gpgsign true
    
    echo -e "Git configuration complete!\n\n"
}

# Function to display public key
display_key() {
    echo "Here's your public key to add to GitHub:"
    echo "----------------------------------------"
    cat ~/.ssh/git_signing_key.pub
    echo "----------------------------------------"
    echo "Add this key to GitHub by visiting: https://github.com/settings/keys"
    echo "Make sure to choose the key type as 'Signing Key' when adding it. Once done, your setup is complete."
}

# Main script
main() {
    check_git_repo
    
    # Get user input
    read -p "Enter a comment for your key (e.g., your name, email, etc): " key_comment
    
    # Setup steps
    generate_ssh_key "$key_comment"
    configure_git
    display_key
}

# Run main function
main

Step 2: Make the Script Executable

Open your Paradime terminal and run the following command to make the script executable:

chmod +x setup_git_signed_commits.sh

Step 3: Run the Setup Script

Execute the script by running:

./setup_git_signed_commits.sh

When prompted, enter a comment for your key (typically your name and email address).

Step 4: Add Your Signing Key to GitHub

Copy the public key that is displayed in the terminal output
Click "New SSH key"
Choose "Signing Key" as the key type
Paste your public key in the provided field
Give your key a descriptive title
Click "Add SSH key"

Step 5: Verification

Your setup is now complete! Every new commit you make in this repository will be automatically signed with your SSH key.

You can verify a signed commit by viewing it on GitHub, where you should see a "Verified" badge next to properly signed commits.

PreviousMerge Conflicts NextGitHub Branch Protection Guide: Preventing Direct Commits to Main

Last updated 2 months ago

Was this helpful?

#!/bin/bash # Function to check if we're in a git repository check_git_repo() { if ! git rev-parse --git-dir > /dev/null 2>&1; then echo "Error: Not a git repository" exit 1 fi } # Function to generate SSH key generate_ssh_key() { local key_comment=$1 if [ -f ~/.ssh/git_signing_key ]; then echo "Warning: SSH key git_signing_key already exists" read -p "Do you want to overwrite it? (y/n) " -n 1 -r echo if [[ ! $REPLY =~ ^[Yy]$ ]]; then echo "Aborting..." exit 1 fi fi ssh-keygen -t ed25519 -C "$key_comment" -f ~/.ssh/git_signing_key -N "" # Set correct permissions chmod 600 ~/.ssh/git_signing_key chmod 644 ~/.ssh/git_signing_key.pub } # Function to configure git configure_git() { echo -e "\nSetting local git configuration to use the generated signing key.." git config gpg.format ssh git config user.signingkey "~/.ssh/git_signing_key.pub" git config commit.gpgsign true echo -e "Git configuration complete!\n\n" } # Function to display public key display_key() { echo "Here's your public key to add to GitHub:" echo "----------------------------------------" cat ~/.ssh/git_signing_key.pub echo "----------------------------------------" echo "Add this key to GitHub by visiting: https://github.com/settings/keys" echo "Make sure to choose the key type as 'Signing Key' when adding it. Once done, your setup is complete." } # Main script main() { check_git_repo # Get user input read -p "Enter a comment for your key (e.g., your name, email, etc): " key_comment # Setup steps generate_ssh_key "$key_comment" configure_git display_key } # Run main function main