Multi Git Provider Secure Commit

First, no language models were used in creating and editing this article (yes, that bad).

Second, this is one of just a few articles on LinkedIn, but the items discussed below will later move to a portfolio blog because it required the setup below.

I received a certificate from the Linux Foundation Education on Developing Secure Software (LFD121), but I let it expire, so what I learned may have been deleted. To get started, I looked at these items:

  1. Securing my Github environment. For that, I ran this Steampipe compliance mod for Github to check security: https://hub.powerpipe.io/mods/turbot/steampipe-mod-github-compliance
  2. Getting secure commit working between my development workstation with git and my Github repositories.

Without secure commit, the identity of the person updating the repos is determined by the git config variables for email and full name, which are too easy to fake. To fix that, Github and other cloud git providers offer "secure commit", where the git client signs commits with an ssh or gpg key generated on the client and the corresponding public key is added to Github or the other git provider. I used an ssh key on all the providers below. Once secure commit is configured, it has to be tested with an empty commit.

The first test commit below is for Github. While the secure commit worked ok (see below), git over ssh to Github only works with IPv4. Meanwhile, Github Pages works with https over IPv6.

Verified and unverified commits in Github


The second git provider tested below for secure commit was Gitlab in the cloud. Gitlab was tested because:

  1. I used Gitlab on a former contract.
  2. A Gitlab repo can be used as a Terraform backend for state, for use later.
  3. Unlike Github, Gitlab works with git ssh over IPv6.

Verified and unverified commits in Gitlab

The last git provider tested below for secure commit was Bitbucket in the cloud. Bitbucket was tested because:

  1. I have never used Bitbucket for anything, but I have used other Atlassian products, Jira and Confluence, at former contracts, and today I use Trello for personal Kanban.
  2. Like Gitlab, Bitbucket works with git ssh over IPv6.
  3. Later, I want to learn Bitbucket CI/CD, which starts with the Bitbucket git repositories.

Commits in Bitbucket: verified with a check, unverified with a yellow exclamation mark

The only thing I have not found is a security mod or guidance for Gitlab or Bitbucket like I found for Github.

Here are the secure commit and test instructions for each provider listed below:
