
Bitwarden for Git Commit Signing

cyber security
encryption
git
programming
Author

Luca Leon Happel

Published

February 18, 2026

Abstract

Signing Git commits is a crucial practice for ensuring the authenticity and integrity of your code and the work you have done. It allows you to verify that the commits that were made by you and your team have not been tampered with. In this post, I’ll show you how to use Bitwarden, a popular password manager, to sign your Git commits.

Installation

I am on NixOS, and I wish to install Bitwarden, using flatpak. I can do this by running the following command:

flatpak install flathub com.bitwarden.desktop

Now, once you have launched Bitwarden, you can create an account and set up your vault. Once you have done that, you can generate a new SSH key in your Bitwarden vault (vault is another word for the storage in your Bitwarden account).

In Bitwarden's settings, check “Activate SSH Agent”. Optionally check the “Automatically start Bitwarden on system startup” option, so that you don’t have to manually start it.

Setting up the SSH agent

Put this line in your .bashrc or .zshrc:

export SSH_AUTH_SOCK="$HOME/.var/app/com.bitwarden.desktop/data/.bitwarden-ssh-agent.sock"

If you have installed Bitwarden natively, you may need to specify a different path for the SSH_AUTH_SOCK variable, like this:

export SSH_AUTH_SOCK="$HOME/.bitwarden-ssh-agent.sock"

Setting up Git

Now, paste this into your terminal:

git config --global gpg.format ssh
git config --global user.signingkey "<YOUR_PUBLIC_KEY>"
# replace <YOUR_PUBLIC_KEY> with the public key you generated in Bitwarden
# e.g. : ssh-ed25519 AAAAC3Nz... comment
git config --global commit.gpgsign true
git config --global tag.gpgsign true
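mkdir -p ~/.config/git
# replace <YOUR_PUBLIC_KEY> with the public key you generated in Bitwarden
# e.g. : ssh-ed25519 AAAAC3Nz... comment
echo "$(git config --get user.email) namespaces=\"git\" <YOUR_PUBLIC_KEY>" \
  >> ~/.config/git/allowed_signers
# point Git at the allowed signers file; without this setting, local checks
# such as `git log --show-signature` cannot verify SSH signatures
git config --global gpg.ssh.allowedSignersFile ~/.config/git/allowed_signers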

Setting up GitHub

Finally, you need to add your public key to GitHub. You can do this by going to https://github.com/settings/keys and adding your public key there.

Make sure to select “signing key” and not “authentication key” here.

Verify setup

Finally, push a new commit to GitHub. Check whether your commits show “verified” badges. If so, you have successfully set up commit signing with Bitwarden!
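Before pushing, the pieces configured above can also be checked locally. The following preflight script is an added example, not part of the original post: its function names are hypothetical, and it assumes user.signingkey holds the literal public key (as in the commands above) and that the allowed signers file uses exact e-mail principals.

```shell
#!/bin/sh
# Added example: local preflight for SSH commit signing via an agent.

# Print "keytype base64" for a public key line, dropping "key::" and the comment.
key_material() {
    printf '%s\n' "$1" | awk '{ sub(/^key::/, ""); print $1, $2 }'
}

# Succeed if the key in $1 appears in `ssh-add -L` style output on stdin.
agent_has_key() {
    want=$(key_material "$1")
    awk -v want="$want" '($1 " " $2) == want { found = 1 } END { exit !found }'
}

# Succeed if file $1 lists key $3 for principal $2, usable in the "git" namespace.
# Assumption: exact principal match only, no wildcard patterns or quoted spaces.
signer_allowed() {
    want=$(key_material "$3")
    awk -v email="$2" -v want="$want" '
        /^[ \t]*(#|$)/ { next }
        {
            n = split($1, p, ","); hit = 0
            for (i = 1; i <= n; i++) if (p[i] == email) hit = 1
            if (!hit) next
            ns_ok = 1                      # no namespaces= option means any namespace
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) break
                if ($i ~ /^namespaces=/) {
                    v = $i; sub(/^namespaces=/, "", v); gsub(/"/, "", v)
                    ns_ok = (("," v ",") ~ /,git,/)
                }
            }
            if (ns_ok && ($i " " $(i + 1)) == want) found = 1
        }
        END { exit !found }' "$1"
}

# Run every check against the live configuration; prints the first failure.
preflight() {
    key=$(git config --get user.signingkey) || { echo "user.signingkey is not set"; return 1; }
    [ "$(git config --get gpg.format)" = ssh ] || { echo "gpg.format is not ssh"; return 1; }
    [ -S "$SSH_AUTH_SOCK" ] || { echo "SSH_AUTH_SOCK is not a socket"; return 1; }
    ssh-add -L 2>/dev/null | agent_has_key "$key" || { echo "agent does not offer the signing key"; return 1; }
    file=$(git config --get --path gpg.ssh.allowedSignersFile) || { echo "gpg.ssh.allowedSignersFile is not set"; return 1; }
    signer_allowed "$file" "$(git config --get user.email)" "$key" || { echo "no git-namespace entry in $file"; return 1; }
    echo "ok: agent, signing key and allowed_signers agree"
}
```

Source the file and run `preflight` in the shell where SSH_AUTH_SOCK is exported. A failure at the agent step usually means the vault is locked or the shell still points at a different agent socket.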
