development/git
development/git
1
0
Fork 0
mirror of https://github.com/git/git synced 2024-11-05 18:59:29 +00:00
Code Issues Projects Releases Packages Wiki Activity

gpg docs: explain better use of ssh.defaultKeyCommand

Browse source 
Using `ssh-add -L` for gpg.ssh.defaultKeyCommand is not a good
recommendation. It might switch keys depending on the order of known
keys and it only supports ssh-* and no ecdsa or other keys.
Clarify that we expect a literal key prefixed by `key::`, give valid
example use cases and refer to `user.signingKey` as the preferred
option.

Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Fabian Stelzer 2022-06-08 17:24:37 +02:00 committed by Junio C Hamano
parent dc8c8deaa6
commit ce18a30bb7
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
Documentation/config/gpg.txt
View file

@ -36,9 +36,12 @@ gpg.minTrustLevel::
gpg.ssh.defaultKeyCommand:: gpg.ssh.defaultKeyCommand::
This command that will be run when user.signingkey is not set and a ssh This command that will be run when user.signingkey is not set and a ssh
signature is requested. On successful exit a valid ssh public key is signature is requested. On successful exit a valid ssh public key
expected in the first line of its output. To automatically use the first prefixed with `key::` is expected in the first line of its output.
available key from your ssh-agent set this to "ssh-add -L". This allows for a script doing a dynamic lookup of the correct public
key when it is impractical to statically configure `user.signingKey`.
For example when keys or SSH Certificates are rotated frequently or
selection of the right key depends on external factors unknown to git.
gpg.ssh.allowedSignersFile:: gpg.ssh.allowedSignersFile::
A file containing ssh public keys which you are willing to trust. A file containing ssh public keys which you are willing to trust.