Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents

Enable Git Signing for your Workbench instance

Git commit signing is enabled (or disabled) for your entire MettleCI Workbench instance, after which it is made available to those Workbench users who configure their Workbench user profile profiles appropriately. To enable Git commit signing in your Workbench instance set the commitSigningEnabled to true in your config. yml file. See MettleCI Workbench Configuration Files Explained - gitAuthentication for an example of how to do this.

Configuring this option (and restarting your Workbench service) will enable all Git commits can now to be signed by those users who have uploaded a GPG private key in to their MettleCI user profile (ask Drew for screenshot)described below). Users who have not uploaded a private GPG key to their Workbench user profile will continue to be able to commit to their authorised repositories, however their commits will remain unsigned until they provide Workbench with an appropriate key.

Configure

...

Create a GPG key at command line

Upload the private key to workbench and the public key to their account in Github/Gitlab

...

your User Profile appropriately

Each user who wishes to sign their commits will need to add a relevant SSH key to their Workbench User profile:

  1. Create an SSH key pair at command line (guide here)

    1. This should ideally be a user-specific key (i.e. not shared with other team members)

    2. Check with your Git platform’s documentation for the type of keys which are compatible with it.

  2. Upload the private key to your MettleCI Workbench profile

    1. Click your avatar or user name in the top right-hand corner of the Workbench interface and select Profile.

    2. The Git Signing Key heading will have a

      Status
      colourYellow
      titleNOT SUPPLIED
      label next to it if you have not already supplied a key value. Select the Upload Key checkbox, paste your private SSH key into the text field and click Update Profile.

      Image Added
    3. When you upload your key to Workbench it encrypts it (using your DataStage password) and stores it safely in the Java key store used for other Workbench SSH keys (e.g. supporting HTTPS access, for example). Once accepted the Git Signing Key heading will have a

      Status
      colourGreen
      titleSUPPLIED
      label next to it.

      Image Added
  3. Upload the public key associated with your private SSH key to your account on your Git platform. See your Git platform’s instructions on how to achieve this.

  4. Try performing a commit from MettleCI Workbench and check your Git platform to see if it’s recognised as a signed commit.

    1. Note that not all Git platforms have a cviosual indicator of a commit being signed. See your Git platform’s instructions on how to verify that a commit has been signed.

      Image Added
  5. You can delete your private SSH key at any time by selecting the Delete Key checkbox and clicking the Delete Key button.

    Image Added

When your DataStage Password Changes

When a user’s your DataStage password changes their GPG (Workbench) your SSH key will need to be re-encrypted by Workbench using this new password. To do this a user will need to re-upload their original GPG private SSH key to Workbench. If they choose to use a new private GPG SSH key with Workbench they’ll you’ll also need to upload the new public key to their Git platform.

Any user whose DataStage password has changed will, until Until they re-uploaded their private GPG SSH key to Workbench, any user whose DataStage password has changed will be presented with the following error during Workbench Commit operations:

...