Signed commits
GPG (GNU Privacy Guard) is a free and open-source implementation of the OpenPGP standard. It is a tool for secure communication and data storage, allowing users to encrypt and sign their data and communications. GPG is widely used for email encryption, file encryption, and digital signatures.
This setup is for macOS users. If you're on Linux, you likely have GPG already installed — the steps are similar but may differ in details.
1. Install GPG
Install via Homebrew:
brew install gnupg
Verify it worked:
gpg --version
2. Create a GPG key
Run the key generation wizard:
gpg --full-gen-key
When prompted, choose:
- Key type: RSA and RSA
- Key size: 4096
- Expiration: your call — no expiration is allowed
- Name: your name
- Email: the same email you use in GitLab
- Passphrase: set one
The email you enter must match a verified email in your GitLab account, or GitLab won't verify the signature properly.
3. Get your key ID
List your secret keys:
gpg --list-secret-keys --keyid-format LONG you@example.com
You'll see output like:
sec rsa4096/30F2B65B9246B6CA 2026-03-18 [SC]
The part after the slash (30F2B65B9246B6CA) is your key ID — you'll need it for the next steps.
4. Export your public key
gpg --armor --export 30F2B65B9246B6CA
Copy the full output block including the -----BEGIN PGP PUBLIC KEY BLOCK----- and -----END PGP PUBLIC KEY BLOCK----- lines. That is what you add to GitLab.
5. Add the public key to GitLab
In GitLab: click your avatar → Edit profile → Access → GPG keys → Add new key → paste the armored public key → save.
6. Configure Git to sign commits
Set your signing key and enable auto-signing:
git config --global user.signingkey 30F2B65B9246B6CA
git config --global commit.gpgsign true
Make sure your Git identity matches the email in your GitLab account:
git config --global user.name "Your Name"
git config --global user.email "you@example.com"
7. Make a signed commit
git commit -m "Test signed commit"
Push it, then open the commit in GitLab. A valid match will show a Verified badge.
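The Verified badge depends on the signing key, the Git identity and the key's user ID all agreeing, which can be checked locally before pushing. The script below is an added example, not part of the original page: it reads gpg's machine-readable `--with-colons` listing and confirms that the key in user.signingkey exists, is not expired or revoked, and carries the email in user.email. The function names are hypothetical and the sample listing is constructed for the key ID used above.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): check that the key in
# user.signingkey is usable and carries the e-mail set in user.email.

# key_matches_email KEYID EMAIL   (reads `gpg --with-colons` output on stdin)
# Succeeds only if the listing has a secret key whose long ID ends with KEYID
# (a full fingerprint also works), the key is not expired or revoked, and one
# of its non-revoked user IDs carries EMAIL.
key_matches_email() {
  awk -F: -v want_key="$1" -v want_email="$2" '
    BEGIN { k = toupper(want_key); e = tolower(want_email)
            if (length(k) > 16) k = substr(k, length(k) - 15) }
    $1 == "sec" { in_key = (k != "" && substr($5, length($5) - length(k) + 1) == k)
                  if (in_key) { found = 1; if ($2 ~ /^[er]$/) bad = 1 } }
    $1 == "uid" && in_key && $2 !~ /^[er]$/ {
                  u = tolower($10)
                  if (u == e || index(u, "<" e ">")) uid_ok = 1 }
    END { exit !(found && !bad && uid_ok) }'
}

# Constructed sample listing (not real gpg output) for the key ID used above.
sample_listing() {
  cat <<'EOF'
sec:u:4096:1:30F2B65B9246B6CA:1773792000:::u:::scESC:
uid:u::::1773792000::0000000000000000000000000000000000000000::Your Name <you@example.com>:
ssb:u:4096:1:1111111111111111:1773792000::::::e:
EOF
}

# check_signing_setup: run the same check against the real Git and GPG config.
check_signing_setup() {
  local key email
  key=$(git config --get user.signingkey) || { echo "user.signingkey not set" >&2; return 1; }
  email=$(git config --get user.email)    || { echo "user.email not set" >&2; return 1; }
  [ "$(git config --bool --get commit.gpgsign)" = "true" ] ||
    echo "warning: commit.gpgsign is not true; commits are not signed by default" >&2
  gpg --list-secret-keys --with-colons "$key" 2>/dev/null |
    key_matches_email "$key" "$email" ||
    { echo "key $key is missing, expired, or has no UID for $email" >&2; return 1; }
  echo "ok: $key will sign as $email"
}

# Offline demo on the constructed listing; pass --check to test the real setup.
sample_listing | key_matches_email 30F2B65B9246B6CA you@example.com && echo "sample: match"
if [ "${1:-}" = "--check" ]; then check_signing_setup; fi
```

After step 7, `git log --show-signature -1` shows gpg's own verdict on the new commit locally. The GitLab badge additionally requires that the email is verified in your GitLab account.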
8. Fix passphrase / pinentry issues (macOS)
If you're getting "signing failed" errors on zsh, run:
echo 'export GPG_TTY=$(tty)' >> ~/.zshrc
source ~/.zshrc
Fail2Ban
Fail2Ban is a security tool that helps protect your server from brute-force attacks and unauthorized access attempts. It works by monitoring log files for suspicious activity, such as repeated failed login attempts, and then takes action to block the offending IP addresses.
System Messages
System messages on Linux servers