Verify Flipt’s commits to your GitHub repository with SSH signing keys. This ensures that commits are authentic and have not been tampered with. You can be confident that the commits you see in your repository are indeed from Flipt.

You can learn more about GitHub’s commit verification in the GitHub documentation.

Verified Commits are only available on our Team plan and above. See our pricing page for more information.

Creating a Signing Key

To verify commits with Flipt Cloud, we’ll need to create a signing key, as Flipt needs to be able to sign the commits it creates itself.

To do this, head to your user settings in Flipt Cloud, and click ‘Generate Key’.

Copy the key as you’ll need to add it to GitHub in the next step.

Add Your Key to GitHub

Head to your key settings in GitHub, and add it as an SSH Signing Key.

It must be a signing key, rather than an authentication key, as we don’t want this key to be able to push to your repositories, just to verify commits.

How We Store Your Key

Flipt uses AWS Key Management Service (KMS) to generate and store your signing key. This means we don’t ever have access to the private key, and instead, ask the KMS API to sign commits using your key.

Was this page helpful?

User ManagementGetting Started