Configuring Signed Commits on Paradime with SSH Keys
This guide explains how to set up SSH key-based commit signing on Paradime, which enhances the security and verification of your Git commits.
Why Sign Your Commits?
Signing your commits verifies that you are the author of your code changes and helps maintain the integrity of your codebase by preventing commit spoofing.
Prerequisites
Paradime IDE access
Git repository initialized in your Paradime workspace
GitHub account (for adding your signing key)
Setup Instructions
Step 1: Create the Setup Script
In your Paradime IDE, create a new file called setup_git_signed_commits.sh
with the following content:
#!/bin/bash
# Function to check if we're in a git repository
check_git_repo() {
if ! git rev-parse --git-dir > /dev/null 2>&1; then
echo "Error: Not a git repository"
exit 1
fi
}
# Function to generate SSH key
generate_ssh_key() {
local key_comment=$1
if [ -f ~/.ssh/git_signing_key ]; then
echo "Warning: SSH key git_signing_key already exists"
read -p "Do you want to overwrite it? (y/n) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "Aborting..."
exit 1
fi
fi
ssh-keygen -t ed25519 -C "$key_comment" -f ~/.ssh/git_signing_key -N ""
# Set correct permissions
chmod 600 ~/.ssh/git_signing_key
chmod 644 ~/.ssh/git_signing_key.pub
}
# Function to configure git
configure_git() {
echo -e "\nSetting local git configuration to use the generated signing key.."
git config gpg.format ssh
git config user.signingkey "~/.ssh/git_signing_key.pub"
git config commit.gpgsign true
echo -e "Git configuration complete!\n\n"
}
# Function to display public key
display_key() {
echo "Here's your public key to add to GitHub:"
echo "----------------------------------------"
cat ~/.ssh/git_signing_key.pub
echo "----------------------------------------"
echo "Add this key to GitHub by visiting: https://github.com/settings/keys"
echo "Make sure to choose the key type as 'Signing Key' when adding it. Once done, your setup is complete."
}
# Main script
main() {
check_git_repo
# Get user input
read -p "Enter a comment for your key (e.g., your name, email, etc): " key_comment
# Setup steps
generate_ssh_key "$key_comment"
configure_git
display_key
}
# Run main function
main
Step 2: Make the Script Executable
Open your Paradime terminal and run the following command to make the script executable:
chmod +x setup_git_signed_commits.sh
Step 3: Run the Setup Script
Execute the script by running:
./setup_git_signed_commits.sh
When prompted, enter a comment for your key (typically your name and email address).
Step 4: Add Your Signing Key to GitHub
Copy the public key that is displayed in the terminal output
Go to your GitHub account settings: https://github.com/settings/keys
Click "New SSH key"
Choose "Signing Key" as the key type
Paste your public key in the provided field
Give your key a descriptive title
Click "Add SSH key"
Step 5: Verification
Your setup is now complete! Every new commit you make in this repository will be automatically signed with your SSH key.
You can verify a signed commit by viewing it on GitHub, where you should see a "Verified" badge next to properly signed commits.
Last updated
Was this helpful?