diff --git a/modules/shell/git.nix b/modules/shell/git.nix
index 8ab1d35..d290263 100644
--- a/modules/shell/git.nix
+++ b/modules/shell/git.nix
@@ -6,10 +6,23 @@
   ...
 }: {
   home-manager.users.${vars.user} = {
+    home.file.".ssh/allowed_signers".text = "* ${builtins.readFile ../../rsc/config/git/git.pub}";
+    home.file.".ssh/git.pub" = {
+      source = ../../rsc/config/git/git.pub;
+    };
+
     programs.git = {
       enable = true;
       userName = "GHOSCHT";
       userEmail = "31184695+GHOSCHT@users.noreply.github.com";
+
+      extraConfig = {
+        # Sign all commits using ssh key
+        commit.gpgsign = true;
+        gpg.format = "ssh";
+        gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";
+        user.signingkey = "~/.ssh/git.pub";
+      };
     };
   };
 }
diff --git a/rsc/config/git/git.pub b/rsc/config/git/git.pub
new file mode 100755
index 0000000..942d487
--- /dev/null
+++ b/rsc/config/git/git.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEJg5bmZmaysJr/jgiXasjWDoxk8djsZzDJybhxiw1S 31184695+GHOSCHT@users.noreply.github.com