Signed Commits Using SSH Keys

Erik
Contributor
December 10, 2024

Today I noticed that my commits in the Bitbucket web interface have a warning icon with the message `Unverified Signature`. Until today I was not aware the web interface was able to show signed commit status. This seems to have been added recently.

I've been signing my commits using an SSH key (instead of GPG key) for a long while now. Unfortunately it seems I'm only able to add GPG keys to verify signed commits, not SSH keys.

Is there a way to add my SSH key so my signed commits are also properly verified? Given that Bitbucket has a help page on how to set up using an SSH key for signed commits, I would expect it to be possible (now or in the future).

```
xxx@xxx:~/repos/xxx$ git log --show-signature
commit xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (HEAD -> update_run_configuration, origin/update_run_configuration)
Good "git" signature for x.xxxxxx@xxxxxx.xxx with ED25519 key SHA256:xxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Author: xxxx xxxxxx <x.xxxxxx@xxxxxx.xxx>
Date:   Tue Dec 10 10:48:55 2024 +0100

    Update `Run Configurations` `SDK_NAME` to match new python version.
```
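The `Good "git" signature` line above is Git verifying the commit locally, which it can only do when the signer's public key is listed in an `allowed_signers` file. As an added example (not from Erik's post or from Bitbucket's documentation), the POSIX shell below builds that file and the matching Git configuration so that SSH-signed commits can be verified with `git verify-commit` on your own machine, independent of what the hosting UI shows. The key path `~/.ssh/id_ed25519.pub`, the signers file path `~/.ssh/allowed_signers` and the sample key material are assumptions.

```shell
#!/bin/sh
# Added example: local verification of SSH-signed Git commits.
# Assumed paths: ~/.ssh/id_ed25519.pub (signing key) and
# ~/.ssh/allowed_signers (Git's trust list for SSH signatures).
set -eu

# Turn an email plus the contents of an OpenSSH public key file into one
# allowed_signers line. Git only trusts keys restricted to the "git"
# namespace, so the namespaces option is always written; the key comment
# (third field) is dropped because it is not part of the trust decision.
make_allowed_signer() {
  email=$1
  pubkey=$2
  key_type=$(printf '%s\n' "$pubkey" | awk '{print $1}')
  key_blob=$(printf '%s\n' "$pubkey" | awk '{print $2}')
  printf '%s namespaces="git" %s %s\n' "$email" "$key_type" "$key_blob"
}

# Add (or replace) the entry for one email in the allowed_signers file,
# so rotating a key does not leave the old key trusted.
add_allowed_signer() {
  file=$1
  email=$2
  pubkey=$3
  touch "$file"
  tmp=$(mktemp)
  grep -v "^$email " "$file" > "$tmp" || true   # grep exits 1 on no match
  make_allowed_signer "$email" "$pubkey" >> "$tmp"
  mv "$tmp" "$file"
}

# Point Git at the SSH key for signing and at the signers file for
# verification; commit.gpgsign makes every commit signed by default.
configure_git_ssh_signing() {
  pubkey_path=$1
  signers_file=$2
  git config --global gpg.format ssh
  git config --global user.signingkey "$pubkey_path"
  git config --global gpg.ssh.allowedSignersFile "$signers_file"
  git config --global commit.gpgsign true
}

# Exit status is non-zero unless the commit carries a good signature from
# a listed key, which makes this usable in a pre-receive hook or CI step.
verify_commit() {
  git verify-commit "$1"
}

# Usage (assumed paths):
#   add_allowed_signer ~/.ssh/allowed_signers you@example.com "$(cat ~/.ssh/id_ed25519.pub)"
#   configure_git_ssh_signing ~/.ssh/id_ed25519.pub ~/.ssh/allowed_signers
#   git commit -S -m "signed change" && verify_commit HEAD
```

Once `gpg.ssh.allowedSignersFile` is set, `git log --show-signature` reports `Good "git" signature` only for keys in that file; a commit signed with an unlisted key shows as `No principal matched`, which is the local equivalent of the `Unverified Signature` icon in the web UI.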

Answer accepted
Charlie Misonne
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
December 10, 2024

Hi Erik and welcome to the Atlassian Community!

The documentation you found is for Bitbucket Data Center where it is indeed possible to sign commits with SSH keys. This has been added in recent releases, in the past only GPG was supported.

For Bitbucket Cloud which you seem to be using there is an ongoing feature request: BCLOUD-3166. From the description I can not see if it will support SSH but you should definitely keep an eye on it.


Erik
Contributor
December 10, 2024

Thank you for the (VERY) quick response. I'll keep a watch on that feature request.

Charlie Misonne
Community Leader
December 10, 2024

You're welcome!

Gayatri Ramesh
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 10, 2024

Hi @Erik and @Charlie Misonne - I'm a product manager on Bitbucket Cloud. We're actually in the middle of rolling out signed commits, which is why you noticed this change! Thanks for the feedback re: signing with SSH keys. This is something we're planning to work on so your feedback here helps a lot! Stay tuned for more info on the timeline, etc. 


Erik
Contributor
December 10, 2024

Great work so far! From what I can see in the linked feature request this item has quite a long history. Very nice to see this finally being worked on. 

It was a bit confusing to see my signed commits standing out with a warning compared to the other (unsigned) commits. But at least now I know why. 

Keep up the good work, I'll be watching this and the feature request for any updates. 

Charlie Misonne
Community Leader
December 11, 2024

Thanks @Gayatri Ramesh 

Please let us know if there is another feature request to watch for the ssh signing.

Robbie g8sy Gates
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
December 11, 2024

Is there any way to configure a repository to disable this warning for the unrecognized SSH keys until such keys are supported by Bitbucket Cloud?

I'm getting a lot of distracting warnings in the Bitbucket Cloud UI now - all my commits have valid SSH signatures. I don't see any way to provide an SSH key for this to Bitbucket (BCLOUD-3166 notes this is "coming next year"), or any way to encode my SSH public key as a GPG public key as a workaround (this feels like it might be possible, but my web searches have so far found no way to do this, and I guess I'm not sure if your infra could validate the signature in any case).
