Skip to main content

Signing Commits

Currently, signing is only supported with commits in Git repos. See Git's documentation on "Signing Your Work" for more context.

Note that Sapling has a single configuration for your identity:

$ sl config ui.username
Alyssa P. Hacker <>

whereas Git has these as separate items:

$ git config
Alyssa P. Hacker
$ git config

You must ensure that:

  • Your value of ui.username can be parsed as NAME <EMAIL>.
  • When parsed, these values match what you specified for Real name and Email address when you created your GPG key.

In Git, you would configure your repo for automatic signing via:

git config --local user.signingkey B577AA76BAE505B1
git config --local commit.gpgsign true

Because Sapling does not read values from git config, you must add the analogous configuration to Sapling as follows:

sl config --local gpg.key B577AA76BAE505B1

Sapling's equivalent to Git's commit.gpgsign config is gpg.enabled, but it defaults to true.

Note that --local is used to enable signing for the current repository. Use --user to default to signing for all repositories on your machine.


Support for signing commits is relatively new in Sapling, so we only support a subset of Git's functionality, for now. Specifically:

  • There is no -S option for sl commit or other commands, as signing is expected to be set for the repository. To disable signing for an individual action, leveraging the --config flag like so should work, but has not been heavily tested:
sl --config gpg.enabled=false <command> <args>
  • While Git supports multiple signing schemes (GPG, SSH, or X.509), Sapling supports only GPG at this time.


The Git documentation on GPG is a bit light on detail when it comes to ensuring you have GPG configured correctly.

First, make sure that gpg is available on your $PATH and that gpg --list-secret-keys --keyid-format LONG lists the keys you expect. Note that you will have to run gpg --gen-key to create a key that matches your Sapling identity if you do not have one available already.

A basic test to ensure that gpg is setup correctly is to use it to sign a pice of test data:

echo "test" | gpg --clearsign

If you see error: gpg failed to sign the data, try this StackOverflow article:

If you see gpg: signing failed: Inappropriate ioctl for device, try:

export GPG_TTY=$(tty)