How to secure Git repositories and commits

· Category: Git

Short answer

Secure Git by signing commits with GPG, restricting access, scanning for secrets, and using secure authentication methods.

Steps

  1. Sign commits with GPG:
git commit -S -m "Signed commit"
  1. Enable branch protection rules on your platform.
  2. Use SSH keys instead of passwords.
  3. Scan for secrets with tools like GitLeaks or TruffleHog.
  4. Rotate credentials if a secret is accidentally committed.

Tips

  • Require signed commits for critical branches.
  • Use personal access tokens with minimal scope instead of passwords.
  • Regularly audit repository access and collaborators.

Common issues

  • Accidentally committed secrets: revoke them immediately; history rewriting is not enough.
  • Unsigned commits in protected branches: update branch protection rules.