Setting up a GPG key enables Graphite to sign commits when performing remote operations on your behalf to simplify your workflow, like rebasing, and allows GitHub to mark commits as verified. If your repo is configured in GitHub to require commit signing, you need to configure GitHub to recognize Graphite’s signed commits as well. In these cases, Graphite needs to sign the commit or GitHub will not allow the commits to be merged.

Set up signed commits

To set up a key for signing commits, visit https://app.graphite.dev/settings/preferences. The “Commit signing” section walks you through:
  • Generating a personal private/public key pair in Graphite for signing
  • Adding the public key to GitHub