Today Github's weekly newsletter brought me this handy Guide about GPG signing, git and Github. I tried setting everything up after Github released the feature back in April 2016, but I couldn't get it to work with Tower because the app doesn't officially support it.

After some research and tinkering, I found a working solution for me. Here's how I've done it:

1. Follow @pstadler's Guide

Just follow Patrick's guide step by step. I would also recommend to do the extra work and complete the optional steps for a password-less process.

 2. Create a GPG wrapper command

Create a new executable file here /usr/local/bin/gpg_wrap. It will contain the following code:

#!/bin/sh

/usr/local/bin/gpg --batch $*

Thanks to @dmilith on Twitter for the idea!

3. Update your .gitconfig

Add the following line to your .gitconfig:

[gpg]
    program = /usr/local/bin/gpg_wrap

That's it! Now you should be able to sign your Git commits with your selected GPG key without leaving Tower!

Screenshot of a signed Commit on github.com