Afaik 1Password simply provides an ssh-agent. So I don‘t see why this should not work. If you set gits user.signingKey to your public key and have SSH_AUTH_SOCk point to 1password agent this should work. Do you have any…
You can configure which key to use when signing your work https://git-scm.com/docs/git-config#Documentation/git-config... i see that the docs are missing info on ssh there still. i will update this since with 2.34 you…
I think one of the most compelling reasons of using ssh for signatures is the possibilies of ssh-agent and especially agent-forwarding which allow for incredibly portable workflows like ssh to a ci/build host/container…
I think if you trust your maintainer/central tool enough to merge code from your developers then i think you can also trust them to verify all the commit signatures they receive and then resign the resulting merge…
Correct. Linking an identity to the crypto signature is the hard part for every mechanism. Regarding the allowed signers file you have several options: A repository only allows signed commits / merges / pushes and…
Afaik 1Password simply provides an ssh-agent. So I don‘t see why this should not work. If you set gits user.signingKey to your public key and have SSH_AUTH_SOCk point to 1password agent this should work. Do you have any…
You can configure which key to use when signing your work https://git-scm.com/docs/git-config#Documentation/git-config... i see that the docs are missing info on ssh there still. i will update this since with 2.34 you…
I think one of the most compelling reasons of using ssh for signatures is the possibilies of ssh-agent and especially agent-forwarding which allow for incredibly portable workflows like ssh to a ci/build host/container…
I think if you trust your maintainer/central tool enough to merge code from your developers then i think you can also trust them to verify all the commit signatures they receive and then resign the resulting merge…
Correct. Linking an identity to the crypto signature is the hard part for every mechanism. Regarding the allowed signers file you have several options: A repository only allows signed commits / merges / pushes and…