diff --git a/.gitignore b/.gitignore
index d5fec98..d547f7c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,6 @@
+# MacOS
 .DS_Store
+
+# Nix
 result
+.cache
diff --git a/home/git.nix b/home/git.nix
index dad9f9b..cd67e6d 100755
--- a/home/git.nix
+++ b/home/git.nix
@@ -1,10 +1,30 @@
-{
+{config, ...}: let
+ signingPrincipal = "87608318+smg1024@users.noreply.github.com";
+ signingPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuQ4STNnixjNDo38AyI0yABKAVfF3hupo66613IgfC7";
+ signingKeyPath = "${config.home.homeDirectory}/.config/sops-nix/secrets/github_ssh_key";
+ allowedSignersPath = "${config.home.homeDirectory}/.config/git/allowed_signers";
+in {
+ home.file.".config/git/allowed_signers".text = ''
+ ${signingPrincipal} ${signingPublicKey}
+ '';
+
 programs.git = {
 enable = true;
+ signing = {
+ format = "ssh";
+ key = signingKeyPath;
+ signByDefault = true;
+ signer = "ssh-keygen";
+ };
 settings = {
 user = {
 name = "Poby";
- email = "87608318+smg1024@users.noreply.github.com";
+ email = signingPrincipal;
+ };
+ gpg = {
+ ssh = {
+ allowedSignersFile = allowedSignersPath;
+ };
 };
 init.defaultBranch = "master";
 push = {
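Review bot: The allowed_signers line written in home/git.nix accepts the key for any signature namespace, and the secret name `github_ssh_key` suggests (not confirmed by this hunk) that the same key is also used for GitHub authentication. Writing the entry as `${signingPrincipal} namespaces="git" ${signingPublicKey}` limits what the file vouches for to git signatures, should it ever be reused for other `ssh-keygen -Y verify` checks. `signingKeyPath` points at a sops-nix secret that this hunk does not declare, and with `signByDefault = true` every commit fails when that file is absent, so a comment naming where `github_ssh_key` is declared would help. The hard-coded `signingPublicKey` is not derived from that secret and has to be updated by hand on rotation, which is worth a comment beside it. The `programs.git` block continues past the end of the hunk.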