diff options
| author | Fabian Stelzer <fs@gigacodes.de> | 2022-06-08 17:24:37 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2022-06-08 16:33:40 -0700 |
| commit | ce18a30bb78720d90df42b9d9ee6b8b7dd33d7e6 (patch) | |
| tree | ff62097391dd860007845ec05624eb1decfc740e | |
| parent | dc8c8deaa6b5847733bd7df011a4c7b7d1a64e0a (diff) | |
| download | git-ce18a30bb78720d90df42b9d9ee6b8b7dd33d7e6.tar.gz | |
gpg docs: explain better use of ssh.defaultKeyCommand
Using `ssh-add -L` for gpg.ssh.defaultKeyCommand is not a good
recommendation. It might switch keys depending on the order of known
keys and it only supports ssh-* and no ecdsa or other keys.
Clarify that we expect a literal key prefixed by `key::`, give valid
example use cases and refer to `user.signingKey` as the preferred
option.
Signed-off-by: Fabian Stelzer <fs@gigacodes.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
| -rw-r--r-- | Documentation/config/gpg.txt | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/Documentation/config/gpg.txt b/Documentation/config/gpg.txt index 86892ada77..86f6308c4c 100644 --- a/Documentation/config/gpg.txt +++ b/Documentation/config/gpg.txt @@ -36,9 +36,12 @@ gpg.minTrustLevel:: gpg.ssh.defaultKeyCommand:: This command that will be run when user.signingkey is not set and a ssh - signature is requested. On successful exit a valid ssh public key is - expected in the first line of its output. To automatically use the first - available key from your ssh-agent set this to "ssh-add -L". + signature is requested. On successful exit a valid ssh public key + prefixed with `key::` is expected in the first line of its output. + This allows for a script doing a dynamic lookup of the correct public + key when it is impractical to statically configure `user.signingKey`. + For example when keys or SSH Certificates are rotated frequently or + selection of the right key depends on external factors unknown to git. gpg.ssh.allowedSignersFile:: A file containing ssh public keys which you are willing to trust. |