Using GPG Keys to sign Git Commits - Part 1

For a while now, I’ve been using GPG Keys to sign my Git Commits to prove that my commits on GitHub are genuine and from me. Over the last few weeks, I’ve been inspired by a couple of colleagues (Kudos to Adrian and Julie if you’re reading this) to dig out my YubiKey and use these for my key signing activities. While there are several blog posts on the topic already, I encountered a number of roadblocks along the way. The intent of this blog post is to be the first of a series, where we’ll explore what GPG is, why it may be valuable to you and how you can get going using them. We’ll then take this forwards an additional step, and show how you can use YubiKeys as a second factor of verification and the benefits of this approach. By no means am I the world’s expert in cryptography, and some of these topics, but I wanted to document my own understanding for posterity, as I’ll inevitably need to repeat/review the process in the future. I hope that this may be useful to you.


February 24, 2021
GitHub - Not just a Git repository

Chris is the blogger, podcaster, host and producer of his content platform He uses GitHub to manage, develop, build and deploy it. In this session, Chris explores how GitHub is more than just a Git repository, and how he uses it for his own work:

  • GitHub Issues / Projects to plan the content (Blog & Podcast) backlog
  • GitHub repositories to version control the website’s source code (and recently open sourced the theme)
  • GitHub Codespaces to make changes to the site from any device
  • GitHub actions to build/deploy the site, and publish podcast mp3 files