Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Why can't I see the Security Tab in the Repository Settings?

Unencoded
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
June 29, 2018

My repo settings can be seen in the below screenshot, I am looking for a way to set up GPG signing in Source Tree specifically. I have set it up to work via Git which Sourcetree leverages, but wondered if I am missing something?

Sketch (1).png

2 answers

1 accepted

1 vote
Answer accepted
Unencoded
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
July 3, 2018

For anyone looking for an answer here, there is a fairly simple way around this using the following instructions:

  1. Open Git Bash.

  2. Use the gpg --list-secret-keys --keyid-format LONG command to list GPG keys for which you have both a public and private key. A private key is required for signing commits or tags.

    gpg --list-secret-keys --keyid-format LONG
    

    Note: Some GPG installations on Linux may require you to use gpg2 --list-keys --keyid-format LONG to view a list of your existing keys instead. In this case you will also need to configure Git to use gpg2by running git config --global gpg.program gpg2.

  3. From the list of GPG keys, copy the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    gpg --list-secret-keys --keyid-format LONG
    /Users/hubot/.gnupg/secring.gpg
    ------------------------------------
    sec   4096R/3AA5C34371567BD2 2016-03-10 [expires: 2017-03-10]
    uid                          Hubot 
    ssb   4096R/42B317FD4BA89E7A 2016-03-10
  4. To set your GPG signing key in Git, paste the text below, substituting in the GPG key ID you'd like to use. In this example, the GPG key ID is 3AA5C34371567BD2:

    git config --global user.signingkey 3AA5C34371567BD2

To configure your Git client to sign commits by default for a local repository, in Git versions 2.0.0 and above, run git config commit.gpgsign true. To sign all commits by default in any local repository on your computer, run git config --global commit.gpgsign true.

To store your GPG key passphrase so you don't have to enter it every time you sign a commit, we recommend using the following tools:

  • For Mac users, the GPG Suite allows you to store your GPG key passphrase in the Mac OS Keychain.
  • For Windows users, the Gpg4win integrates with other Windows tools.

You can also manually configure gpg-agent to save your GPG key passphrase, but this doesn't integrate with Mac OS Keychain like ssh-agent and requires more setup.

This method will result in a password prompt for your GPG key when committing via Sourcetree.

1 vote
minnsey
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 3, 2018

Hi

I'm afraid GPG signing is not directly supported in Sourcetree for Windows currently.

Thanks

Thoralf
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
October 2, 2019
P Satish Patro January 12, 2024

@minnsey I see this comment of yours is 5 years old. And still, I don't see the option in Sourcetree in Windows. 
In our company, gpg has been mandatory & I don't see support in sourcetree. Should I abandon sourcetree?

C14
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
May 10, 2024

@minnsey I'm still interested in GPG signing in Sourcetree in Windows. Is there a chance that this makes it back into the roadmap?

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events