Securing Git Commits with GPG and YubiKeys: Best Practices for 2026
A practical, modern guide to signing your git commits with GPG and a YubiKey. Why it matters, where the common advice is overkill, and how to set it up properly.
Hi, I'm Julie
I design & build novel developer experiences
Blog
How Claude Code made me an AI Believer
In 2025, I was an AI skeptic. Burnt out and mentally bogged down by AI slop, I observed what most companies in the MIT Media Lab's July 2025 GenAI report also found: few real productivity gains. When I started recovering and coding again, I gave the Zed IDE and Claude Code a try — and something shifted. The differentiating developer experience wasn't the underlying model, but the combined IDE and agent tooling. As I fell back in love with coding, I became a believer — not just for myself, but for the industry.
Security
Setup git commits and authentication with multiple GPG keys and YubiKeys
Since I worked as an architect in the compliant financial industry, I have been signing my git commits so that people cannot impersonate me in source code. I have always defaulted to a single GPG personal key that I could also use for both personal and work. But suddenly I needed to juggle two keys.
Skills
Architect and full stack engineer with 25+ years experience
Cloud
- Azure
- AWS
- Docker
- Containers
- Kubernetes
DevOps
- GitHub
- Azure DevOps
- Azure Pipelines
- GitHub Actions
- Jenkins
- Terraform
- ARM/Bicep
Programming
- JavaScript
- Vue.js
- Node.js
- Ruby
- Ruby on Rails
- Bash
Web
- Design
- UX
- HTML/CSS
- Frontend
- Backend
Experience
Companies I've worked for
Designer, UI/UX
Enterprise Architect
Engineer, Azure CXP