signet is a command line tool for signing source code changes and
arbitrary files such as build outputs. Signatures are generated in
SSHSIG format and signing keys are standard SSH keys so
signet is compatible with OpenSSH's ssh-keygen -Y sign | verify.
signet stores encrypted signing keys in keychains located in ~/.config/signet on Unix systems including macOS and Linux, and the user's AppData folder on Windows.
signet init -s
signet keys -c
signet sign -k <id> -n file <FILE>
Configure git to use signet to sign commits and tags:
git config user.signingkey <id>
git config gpg.format ssh
git config gpg.ssh.program signet
git config commit.gpgsign true
git config tag.gpgsign true
Signing keys are encrypted with a password supplied by the user and that password can be stored in the system keyring or requested via interactive prompt when required.