This is an archive page, kept for posterity. Head back to our homepage
With Fluidkeys, signing and verifying commits, tags, releases and binaries is simple. Your team can see that code changes really came from a trusted developer and not a compromised account.
Fluidkeys configures gpg, git and Github to work together seamlessly.
Use Fluidkeys status check to verify that code was signed by an authorized team member not just anyone.
For extra security, use Github branch protection to block unsigned code from entering the codebase.
Verify signatures in the normal git log workflow. All the team's keys are download automatically, allowing offline verification.