git commit signing failed: secret key not available
P

14

223

I am getting this error when trying to commit using Git.

gpg: skipped "name <[email protected]>": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
fatal: failed to write commit object

I have generated a new key as below but it still gives the same error

gpg --list-keys
~/.gnupg/pubring.gpg
--------------------------------
pub   2048R/35F5FFB2 2016-04-23
uid                  name (New key) <[email protected]>
sub   2048R/112A8C2D 2016-04-23

The secret key is the same as above

I have found this Generating a GPG key for git tagging and followed the steps but it still doesn't work, any idea?

Pathe answered 23/4, 2016 at 11:54 Comment(1)
For Windows users, it's much more likely encountering this error because Git on Windows doesn't use the correct gpg. Not finding the correct binary in PATH, git resorts to using internally bundled gpg inside its minified MSYS, which has no knowledge of where your keys are. Setting gpg.program or G(NU)PGHOME variables would resolve it, as specified in a few of the answers below. - Hexapody
B
159

You need to configure the secret key before using it.

git config user.signingkey 35F5FFB2

Or declare it globally if you want to use the same key for every repository.

git config --global user.signingkey 35F5FFB2

Source: Git Tools - Signing Your Work

Breechcloth answered 23/4, 2016 at 13:49 Comment(9)
Thank you very much Leonardo! It works!! Sorry if the question was silly, I had no idea how to solve it. - Pickup
Excellent! Specifying the user's signing key also will get around having multiple email addresses on one key and having a mismatch between the git email and the first address on the key. - Journey
Is it secure to store .gitconfig with secret key in public repo? - Geocentric
for the record as @Geocentric asked about: — The secret key must be on your GPG keyring. Only the hash ID of that key is stored in the config. - Lumbering
I had to do this along with git config --global gpg.program gpg2. - Bonnie
I get a passphrase dialog with 1.4.22 but not with v2. As soon as I do git config --global gpg.program "C:/Program Files (x86)/GnuPG/bin/gpg.exe" it breaks and I get the no secret key errors. What to do? - Christalchristalle
This solved a very frustrating problem for me in seconds! Thank you! - Barela
BRAVO! You have to generate your own key and BOOM! - Cassiani
This is not working at all. I think this won't solve this problem - Backstretch
Y
333

This worked for me on Windows 10 (Note that I use the absolute path to gpg.exe):

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

This was the error I got prior to the fix:

gpg: skipped "3E81C*******": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
fatal: failed to write commit object
Yare answered 24/6, 2018 at 11:18 Comment(8)
Got this error secret key not available with VS Code and setting gpg.exe location solved it. - Arana
This worked for me as well. Especially after following the configuring steps from github itself. - Cowbane
Every time my Windows Insider build installs, this option resets. Thanks for this :) - Slavish
This worked for me as well after adding the absolute path of gpg. Thanks a lot. - Stereochrome
yes, this is important as git has own gpg and most people will install gpg for windows and import priv key via kleopatra and only "main" gpg is aware of key location. Great answer - Street
After doing this I was still getting errors. Ultimately it was because GitHub's own guide is unclear, and I had also set options for x509 signing. Open your %USERPROFILE%\.gitconfig file and remove any x509 related settings. Hope this helps someone else! :) - Yahweh
This one worked for me as I was not able to add gpg without full path to windows 10 config. now the issue I have is, do I have to keep typing pass every time I make a commit? - Verdun
A simpler way to solve the issue would be to import the desired gpg keys using the git's own gpg using git bash. As Pawel mentioned in his comment, that git on windows has its own gpg. This answer makes it NOT use that. - Rodge
L
81

What worked for me was adding

git config --global gpg.program "C:/Program Files (x86)/GNU/GnuPG/gpg2.exe"

If you want to find the full path of gpg2.exe:

where gpg2.exe
Ladd answered 13/4, 2017 at 13:29 Comment(4)
Depending on the installed version of GnuPG, you need to do this for gpg.exe instead of gpg2.exe. - Hamfurd
thank you, my problem was solved using the full path (that was C:\Users\Me\AppData\Local\gnupg\bin\gpg.exe) - Cata
THANK YOU! This worked for me. You saved my day :). I just used "where gpg.exe" as I don't have "gpg2.exe" - Coffeehouse
recent version: git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe" - Venue
P
51

I recently found the same secret key not available error and a few more along the way, like GPG agent not found for instance.

In my case I wanted to get commits signed and showing as verified on GitHub.

Below are the complete steps to get it working on Windows 10 x64:

Install GPG

I installed GPG 2.3.1 with winget like so:

C:\> winget install GnuPG.GnuPG

Verify it with:

C:\> gpg --version

Generate GPG key

C:\> gpg --full-generate-key
  • Add your real name and e-mail, the same as used in the GitHub account.

  • The key must be at least 4096 bits.

Export the key in ASCII armor format

First list the key:

C:\> gpg --list-secret-keys --keyid-format=long

sec rsa4096/[short-key] 2021-06-14 [SC]

Then export it:

C:\> gpg --armor --export [short-key]

Copy the key including the BEGIN/END text.

-----BEGIN PGP PUBLIC KEY BLOCK-----
[huge-ascii-key]
-----END PGP PUBLIC KEY BLOCK-----

Add the GPG armor ASCII key to the GitHub account

Go to Profile > Settings > SSH and GPG keys > New GPG key

Or please follow these visual instructions.

Configure Git to sign all commits by default

C:\> git config --global user.signingkey [short-key]
C:\> git config --global commit.gpgsign true
C:\> git config --global gpg.program "C:/Program Files (x86)/gnupg/bin/gpg"

Set GPG environment variable for the GPG Agent

Check for GPG agent:

gpg-agent --version

Set the environment variable:

GNUPGHOME=%USERPROFILE%\AppData\Roaming\gnupg

Done

The resulting .gitconfig would have the user section like so:

[user]
    name = Your Name
    email = [email protected]
    signingkey = [short-key]
[commit]
    gpgsign = true
[gpg]
    program = C:/Program Files (x86)/gnupg/bin/gpg
Palermo answered 14/6, 2021 at 13:31 Comment(4)
thanks, this was really helpful, this should be chosen as the best answer - Bullet
it solves my problem, after reusing "C:\Program Files\Git\usr\bin\gpg.exe", declared in PATH. - Jempty
For me the only thing missing was setting the GNUPGHOME environment variable, which I had to set to "%USERPROFILE%\.gnupg" because that's where it was installed by default. I created my key with the default 3072 bytes, not 4096 and it worked just fine. - Underrate
Yeah only changes for me: [gpg] program = C:/Program Files (x86)/gnupg/bin/gpg.exe or git config --global gpg.program "C:/Program Files (x86)/gnupg/bin/gpg.exe" GNUPGHOME=%USERPROFILE%\.gnupg That finally worked with the other listed steps - Barely
O
18

I'd like to complete all these answers, because I've had many issues with this.

These examples use the --global flag, but you can remove it if you want to do these things locally.

Configure secret key in git

git config --global user.signingkey 35F5FFB2

Configure which gpg program to use in git (optional)

Some systems (Ubuntu for example) can have gpg and gpg2 at the same time. You need to specify you'll use gpg2

git config --global gpg.program gpg2

Export GPG_TTY (optional)

It is possible, if you use these commands in an ssh environment, that you get the following error: Inappropriate ioctl for device or gpg: échec de la signature : Ioctl() inapproprié pour un périphérique. This can be fixed via:

export GPG_TTY=$(tty)

Auto enable GPG signing (optional)

git config --global commit.gpgsign true
Ouzo answered 28/11, 2017 at 13:42 Comment(3)
How does one disable it if you no longer want to use it? - Serbocroatian
You can add the --unset flag on those git config commands to disable it - Ouzo
I actually used this git config --global commit.gpgsign true but said false. - Serbocroatian
V
12

Using "C:\Program Files\Git\usr\bin\gpg.exe" was the solution for me.
Had to uninstall kleopatra. With it, it was not working.

So, summing up;

  • No need for kleopatra, use GIT default instead.

  • git config --global user.signingkey Y0URK3Y
    git config --global commit.gpgsign true
    git config --global gpg.program "C:\Program Files\Git\usr\bin\gpg.exe"
    
Vulpecula answered 11/11, 2020 at 0:54 Comment(1)
among all of these, yours, worked with me. - Cam
S
11

I had a situation in which the same was happening to me in a Windows 10 machine.

$ git commit -m "Improve logging, imports and show time executed"
gpg: signing failed: Operation cancelled
gpg: signing failed: Operation cancelled
error: gpg failed to sign the data
fatal: failed to write commit object

The commands "C:\Program Files (x86)\GnuPG\bin\gpg.exe" --list-secret-keys --keyid-format LONG and gpg --list-secret-keys --keyid-format LONG were giving me completely different results!

$ where gpg
C:\Program Files\Git\usr\bin\gpg.exe
C:\Program Files (x86)\GnuPG\bin\gpg.exe

The main reason was related to previous answers but in a different sense:

  • I was creating the gpg keys using the git (configured path) version of GPG
  • Git was configured to use the downloaded version of gpg for the commit.
  • Seems GPG implementations use their own certificate database and storage.

I hope this can help anyone that stumbles on this message and previous answers do not solve their issue.

Sergeant answered 3/3, 2020 at 21:35 Comment(2)
Had to add the secret key to kleopatra from the cli export, as visual studio community seems to use that by default for signing, where as the git cli used a different list/implementation and hence still worked without kleopatra. - Dunlin
I copied everything from C:\Users\USERNAME\.gnupg to C:\Users\USERNAME\AppData\Roaming\gnupg and problem solved! - Velvety
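
The mismatch this answer describes (git calling one gpg binary while the secret key sits in another binary's keyring) can be checked directly. The script below is an added example, not code from any of the answers; the names `has_secret_key`, `check_git_signing` and `SAMPLE_LISTING` are introduced here, and it assumes an OpenPGP key referenced by hex ID in `user.signingkey` (not an e-mail address, not x509).

```shell
#!/bin/sh
# Added example (not from the page): does the gpg that git runs hold the signing key?

# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# The two short IDs are the ones in the question; all other values are made up.
SAMPLE_LISTING='sec:u:2048:1:7777888835F5FFB2:1461369600:::u:::scESC:
fpr:::::::::1111222233334444555566667777888835F5FFB2:
uid:u::::1461369600::::name (New key) <user@example.com>:
ssb:u:2048:1:99990000112A8C2D:1461369600::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF99990000112A8C2D:'

# has_secret_key KEYID   (colon-format listing on stdin)
# Succeeds when KEYID (short ID, long ID or fingerprint, optional 0x prefix)
# is the tail of a secret key or secret subkey in the listing.
has_secret_key() {
    want=$(printf '%s' "$1" | sed 's/^0[xX]//' | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        function tail_matches(s) {
            return length(want) > 0 && length(want) <= length(s) &&
                   substr(s, length(s) - length(want) + 1) == want
        }
        ($1 == "sec" || $1 == "ssb") && tail_matches($5) { found = 1 }
        $1 == "fpr" && tail_matches($10)                 { found = 1 }
        END { exit !found }
    '
}

# Live check: ask the exact program git will run for its secret keys.
check_git_signing() {
    prog=$(git config --get gpg.program) || prog=gpg   # git falls back to "gpg" on PATH
    key=$(git config --get user.signingkey) || {
        echo "user.signingkey is not set"; return 2; }
    echo "git runs: $prog   GNUPGHOME=${GNUPGHOME:-<unset>}"
    if "$prog" --list-secret-keys --with-colons 2>/dev/null | has_secret_key "$key"; then
        echo "OK: this gpg holds the secret key for $key"
    else
        echo "MISSING: no secret key for $key in this gpg's keyring;"
        echo "point gpg.program or GNUPGHOME at the keyring that has it, or import the key"
        return 1
    fi
}

if [ "${1:-}" = "--check" ]; then
    check_git_signing
else
    printf '%s\n' "$SAMPLE_LISTING" | has_secret_key 35F5FFB2 && echo "sample: 35F5FFB2 present"
fi
```

Run it with `--check` from Git Bash or any POSIX shell to test the live configuration; without arguments it only exercises the parser on the constructed sample.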
M
7

You have to set the variable GNUPGHOME. Without it, GnuPG is not able to find your keys.

# On unix add it to your path

# On windows it will usually be under: 
<drive>:\Users\<username>\AppData\Roaming\gnupg

On Unix it is simply a matter of adding it to the path.
On Windows you have to open the control panel and set it as

System Variable
  Name: GNUPGHOME
  Path: <drive>:\Users\<username>\AppData\Roaming\gnupg
Marasco answered 23/4, 2016 at 13:39 Comment(1)
For me it was not GNUPGHOME. With GPGHOME it works for me - Stank
D
7

The following steps helped me get it fixed:

git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

git config --global --unset gpg.format

gpg --list-secret-keys --keyid-format=long
// this will list the keys and copy the Key-ID

copy the highlighted key in the first line and use in this next query as Key-ID

git config --global user.signingkey <Key-ID>

git config --global commit.gpgsign true
Donatist answered 17/4, 2023 at 20:40 Comment(4)
I had to come back to this advice several times on different machines! Thank you for this solution. It was what I was missing. - Overstate
@MavaddatJavid great! glad to know it helped, you can up-vote if it was helpful for support :) - Donatist
I am SO sorry that I can only upvote this post one time. You are a life saver, man. - Perichondrium
@CésarRodriguez good to know it helped, one upvote is enough too :D - Donatist
D
3

I had the same problem and it was that the git name and email stored in .gitconfig were different from the ones of the gpg key provided. I changed them in order to match and it started to work.

Dairying answered 9/8, 2019 at 11:13 Comment(0)
E
2

On Windows 11, setting the gpg.program as follows didn't work for me even though the executable exists in that location.

git config --global gpg.program "C:\Program Files (x86)\gnupg\bin\gpg.exe"

I had to set it as follows:

git config --global gpg.program gpg
Elliott answered 30/10, 2022 at 8:28 Comment(0)
C
1

I got this error in VS Code. I ran below command in Bash

git config --global commit.gpgsign false

Then, hit Ctrl+, and open your settings. Uncheck "Enable Commit Signing" in workspace settings if it's enabled.

Now open VS Code Terminal and execute below command

enter image description here

Close and reopen VS Code if needed. It should work now.

Coltish answered 16/11, 2022 at 15:33 Comment(1)
The above worked for me - Cromer
C
0

Generate your gpg keys using git bash if you're signing your commits

Don't forget to delete and create a new gpg key on your github after generating it through git bash. Adding a GPG key to your GitHub account

Update your signing key on your git config. git config user.signingkey <new-signingkey>

You don't have to set path of gpg (i.e git config --global gpg.program <path to gpg>)

The reason I found for this issue gpg: signing failed: secret key not available was when generating my gpg key for github, the keys were stored in different folder locations depending on the terminal that I used to generate the keys.

OS : Windows 11

gpg version

I am not sure why there are two versions of gpg. I installed "gpg4win-4.3.1.exe" on my pc

There is a difference on the passphrase dialog box with respect to the terminals used to create the keys.

powershell / git bash passphrase ui dialog box

Collete answered 22/3 at 18:28 Comment(2)
In my case it is different also, but what did you do to get it to work? - Perichondrium
@César Rodriguez first you have to remove any keys that you are not using on git bash link how to delete gpg keys and then generate a new gpg key following this link Generate a new gpg key on gitbash on gitBash terminal - Collete
P
-5

Maybe you need to clone your own repository where you have rights. I had this issue when I cloned the repository of another person.

Plication answered 9/3, 2017 at 9:45 Comment(0)
