Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Why can't I see the Security Tab in the Repository Settings?

Unencoded June 29, 2018

My repo settings can be seen in the below screenshot, I am looking for a way to set up GPG signing in Source Tree specifically. I have set it up to work via Git which Sourcetree leverages, but wondered if I am missing something?

Sketch (1).png

2 answers

1 accepted

1 vote
Answer accepted
Unencoded July 3, 2018

For anyone looking for an answer here, there is a fairly simple way around this using the following instructions:

  1. Open Git Bash.

  2. Use the gpg --list-secret-keys --keyid-format LONG command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.

    gpg --list-secret-keys --keyid-format LONG
    

    Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2by running git config --global gpg.program gpg2.

  3. From the list of GPG keys, copy the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    gpg --list-secret-keys --keyid-format LONG
    /Users/hubot/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
    uid                          Hubot 
    ssb   4096R/42B317FD4BA89E7A 2016-03-10
  4. To set your GPG signing key in Git, paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    git config --global user.signingkey 3AA5C34371567BD2

To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run git config commit.gpgsign true. To sign all commits by default in any local repository on your computer, run git config --global commit.gpgsign true.

To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools:

  • For Mac users, the GPG Suite allows you to store your GPG key passphrase in the Mac OS Keychain.
  • For Windows users, the Gpg4win integrates with other Windows tools.

You can also manually configure gpg-agent to save your GPG key passphrase, but this doesn't integrate with Mac OS Keychain like ssh-agent and requires more setup.

This method will result in a password prompt for your GPG key when committing via Sourcetree.

1 vote
minnsey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 3, 2018

Hi

I'm afraid GPG signing is not directly supported in Sourcetree for Windows currently.

Thanks

Thoralf October 2, 2019
P Satish Patro January 12, 2024

@minnsey I see this comment of yours is 5 years old. And still, I don't see the option in Sourcetree in Windows. 
In our company, gpg has been mandatory & I don't see support in sourcetree. Should I abandon sourcetree?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events