DigiNews

Tech Watch by Johan Denoyer

← Back to articles

SSH certificates and git signing

Quality: 8/10 Relevance: 9/10

Summary

Matthew Garrett explains how SSH certificates can be used to sign git commits, replacing OpenPGP where appropriate. The post covers configuring OpenSSH certificates, validating signatures, and the practical limits of current tooling, including CI integration and a hardware-backed key approach using TPM/Secure Enclave. It also discusses attestation concepts and a path toward stronger supply-chain trust.

🚀 Service construit par Johan Denoyer