Configuring Git Commit Signing for Multiple Environments

Posted on 2025-04-24

TL;DR

Learn how to configure Git commit signing for multiple environments, using the includeIf directive to apply different emails and signing keys for specific repositories, enhancing organization, security, and productivity.

I have to manage multiple git repositories hosted on different servers. Each project might require specific configurations, especially when it comes to commit signing with Git. This blog post will guide you through setting up different SSH identities and email addresses for commit signing in various Git repositories, all while maintaining a clean and organized configuration.

First, let’s establish a global configuration in your ~/.gitconfig file. This will serve as the default for repositories that don’t require specific settings. Here’s an example configuration:

# core {{{
[core]
    editor = /usr/bin/vim
    excludesfile = ~/.gitignore_global
    pager=less
#}}}

# user {{{
[user]
    email = benjamin.brunzel@my-company.com
    name = Benjamin Brunzel
#}}}

This configuration sets your default email and name for commits, along with some core settings like your preferred editor and global ignore file.

For repositories under ~/dev/customer1, you might want to use a different email and signing key. Git allows you to include specific configurations based on the directory structure. Here’s how you can set it up:

In your global ~/.gitconfig, add an includeIf directive:

# includes for customer1
[includeIf "gitdir:~/dev/customer1/**"]
    path = ~/dev/customer1/customer1.gitconfig

This tells Git to include the configuration from ~/dev/customer1/customer1.gitconfig for any repository within the ~/dev/customer1 directory.

Create a customer1.gitconfig file in the ~/dev/customer1 directory with the following content:

[user]
    email = benjamin.brunzel@customer1.com
    name = Benjamin Brunzel
    signingkey = ~/.ssh/customer1_id_ed25519.pub

[gpg]
    format = ssh
[commit]
    gpgsign = true

This configuration specifies a different email and signing key for commits made in repositories under ~/dev/customer1. The gpgsign option ensures that all commits are signed using the specified SSH key.

By structuring your configurations based on directory paths, you maintain a clean and organized setup that automatically applies the correct settings based on the repository location. Using different SSH keys for different environments enhances security by compartmentalizing access. Easily switch between different configurations without manually changing settings each time you work on a different project.

Configuring Git to use different identities and email addresses for commit signing across multiple environments is a powerful way to manage your projects efficiently. By leveraging Git’s includeIf directive, you can ensure that each repository uses the correct settings, enhancing both security and productivity. I hope that helps you out.

Portrait of the blog's author. Dude with full beard and short hair.

Author: Benjamin Brunzel I'm a software engineer based in Hamburg, Germany. If you want to get in touch contact me in the fediverse