JetBrains Space Help

Git Keys and Passwords

To clone and commit to remote repositories in Space, you need credentials that you generate and provide to Space. The type of credentials you'll be asked for depend on the authentication method used in the repository. Refer to the repository Readme file to find out whether you should use SSH or HTTPS to access it and if GPG commit signing is required.

SSH key

An SSH key is required to clone and interact with remote repositories over SSH.

  1. Generate your SSH public key.

  2. On the personal navigation sidebar, choose Security and go to the Git Keys tab.

  3. Click Add SSH key...:

    addSSH.png
  4. Provide your generated key and click Add.

Application password

An Application password may be required if you access a remote repository using its HTTPS address.

Create an application password

  1. On the personal navigation sidebar, choose Security and go to the 2FA tab.

  2. Click the New application password button.

  3. Give the password a name which should describe the repository you're going to use it for.

  4. Choose Full access to grant all the permissions that you have.

  5. Click Create.

    A dialog window with the new application password will be displayed:

    appPasswordCopy.png
  6. Copy the application password and store it in a secure location.

  7. Use the application password to access the repository via HTTPS.

GPG key

GPG (PGP) criptography adds an extra level of protection to your commits and a repository.

You can use a GPG key to sign your commits locally, and Space will verify your signature in repositories that are configured accordingly adding a Verified label to your commits:

gpgVerifiedCommit.png

If you are a project administrator, you can configure your repository to verify commit signatures and even prohibit commits that are not signed or verified.

To start signing your commits with a GPG key:

  1. Generate a GPG key.

  2. Add a GPG key to your Space account.

  3. Sign each commit individually or configure your Git client to sign all commits by default.

Generate a GPG key

  1. Download and install the latest version of GnuPG.

  2. Generate a GPG key pair. In your terminal (macOS) or Git Bash (Windows) run:

    gpg --full-generate-key
  3. At the prompt, you can accept the default options by pressing Enter.

  4. Provide your identification information: name and email. Make sure the email you enter is associated with your Git client and is verified for your Space account.

  5. Optionally, provide a secure passphrase. You will be asked for it when you sign your commits.

    To avoid having to enter your passphrase each time you sign a commit, you can store it using GPG Suite (macOS) or Gpg4win (Windows).

  6. Obtain the fingerprint of the generated key. Run:

    gpg --list-keys

    and copy the fingerprint:

    gpgFingerprint.png
  7. Export public key. Run the gpg -a --export command followed by the fingerprint:

    gpg -a --export F030F0197E045FADTDAE6A2BF9624B12BC7E5EAD

    (Substitute the fingerprint in this example with the one you have copied).

    Your GPG public key will be displayed.

  8. Copy the GPG public key and save it.

Add a GPG key to your Space account

  1. Log in to Space.

  2. On the personal navigation sidebar, choose Security and go to the Git Keys tab.

  3. Click Add GPG Key.

  4. Provide the public GPG key you have saved.

Sign your commits

You can sign each local commit individually or configure your Git client to auto-sign all local commits.

To sign an individual commit:

  1. When making a commit in your local branch, add the -S argument to the git commit command:

    git commit -S -am "commit message"
  2. At the prompt, enter the passphrase you created when you generated a GPG key.

    A signed commit will be created.

  3. Push your signed commit(s) to your remote Space repository as usual:

    git push

To auto-sign all commits in a particular local repository:

  1. In your terminal or Git Bash, navigate to the repository.

  2. Run the following configuration command:

    git config commit.gpgsign true

    All commits you make in this repository will be signed.

To auto-sign all commits in all local repositories:

  • Run the following configuration command:

    git config --global commit.gpgsign true

    All commits you make in any local repository will be signed.

Last modified: 07 October 2021