Setting up 1Password & GitHub for commit signing

gistfile1.md

Setting up 1Password & GitHub for commit signing

1. Prerequisites

1. Install/Update 1Password desktop app.
2. Enable the 1Password SSH Agent in Settings > Developer > SSH Agent.
3. Update Git to version 2.34.0 or later.

2. Enable the 1Password SSH Agent

Before starting, ensure 1Password is acting as your SSH key manager.

1. Open 1Password and go to Settings > Developer.
2. Check the box for Use the SSH Agent.
3. (Optional but recommended) Check "Display key names when authorizing connections."

3. Generate and Register Key in 1Password

1. Open your browser and log in to github.com.
2. Go to the GitHub SSH and GPG keys settings.
3. Click New SSH Key button.
4. Click the Key text box. Click the 1Password icon, select Create SSH Key, fill in a title ("GitHub Signing Key"), and click Create and Fill.
5. In the Key type dropdown, Select Signing Key (mandatory!).
6. Click Add SSH Key to save it to GitHub.

4. Configure Git to Use 1Password

Run the following commands in your terminal to configure Git to use your new 1Password key for signing. NEW_SIGNING_KEY_SSH_PUBLIC_KEY is the public ssh key of the new signing key.

1. Configure the signing program:

git config --global gpg.format ssh
git config --global user.signingkey "NEW_SIGNING_KEY_SSH_PUBLIC_KEY"

# Or, if using op-ssh-sign:
#git config --global gpg.ssh.program /Applications/1Password.app/Contents/MacOS/op-ssh-sign # macOS

2. Enable auto-signing for all commits:

git config --global commit.gpgsign true

5. Verify Setup

1. Create a commit to test the signing:

   git commit -S -m "Test signed commit"

You should be prompted by 1Password (via biometrics or password) to authorize the signature. Confirm the signature on GitHub by checking your commit history.