188

I am getting this error when trying to commit using Git.

```
gpg: skipped "name <name@mail.com>": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
fatal: failed to write commit object
```

I have generated a new key as below but it still gives the same error

```
gpg --list-keys
~/.gnupg/pubring.gpg
--------------------------------
pub   2048R/35F5FFB2 2016-04-23
uid                  name (New key) <name@mail.com>
sub   2048R/112A8C2D 2016-04-23
```

The secret key is the same as above

I have found this: "Generating a GPG key for git tagging", and followed the steps, but it still doesn't work. Any idea?

Emilio Menéndez
  • 8
    For Windows users, it's much more likely encountering this error because Git on Windows doesn't use the correct gpg. Not finding the correct binary in PATH, git resorts to using internally bundled gpg inside its minified MSYS, which has no knowledge of where your keys are. Setting gpg.program or G(NU)PGHOME variables would resolve it, as specified in a few of the answers below. – Abel Cheung May 28 '20 at 19:06

13 Answers

303

This worked for me on Windows 10 (Note that I use the absolute path to gpg.exe):

```
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"
```

This was the error I got prior to the fix:

```
gpg: skipped "3E81C*******": secret key not available
gpg: signing failed: secret key not available
error: gpg failed to sign the data
fatal: failed to write commit object
```
TrackerSB
Wakeel
  • 12
    Got this error `secret key not available` with VS Code and setting `gpg.exe` location solved it. – Dawid Aug 06 '18 at 22:37
  • 2
    This worked for me as well. Especially after following the configuring steps from [github](https://help.github.com/en/articles/generating-a-new-gpg-key) itself. – Bas G Aug 21 '19 at 06:46
  • 1
    Every time my Windows Insider build installs, this option resets. Thanks for this :) – VRG Jan 08 '20 at 13:09
  • This worked for me as well after adding the absolute path of gpg. Thanks a lot. – Adarsh Srivastava Oct 16 '20 at 11:58
  • 8
    yes, this is important as git has own gpg and most people will install gpg for windows and import priv key via kleopatra and only "main" gpg is aware of key location. Great answer – Pawel Cioch Dec 23 '20 at 17:20
  • After doing this I was still getting errors. Ultimately it was because GitHub's own guide is unclear, and I had also set options for x509 signing. Open your `%USERPROFILE%\.gitconfig` file and remove any x509 related settings. Hope this helps someone else! :) – Kip Dec 04 '21 at 20:50
  • This one worked for me as I was not able to add gpg without full path to windows 10 config. Now the issue I have is, do I have to keep typing pass every time I make a commit? – princeoo7 Sep 06 '22 at 19:29
  • A simpler way to solve the issue would be to import the desired gpg keys using git's own gpg using git bash. As Pawel mentioned in his comment, git on windows has its own gpg. This answer makes it NOT use that. – Hiro Nov 03 '22 at 11:56
139

You need to configure the secret key before using it.

```
git config user.signingkey 35F5FFB2
```

Or declare it globally if you want to use the same key for every repository.

```
git config --global user.signingkey 35F5FFB2
```

Source: Git Tools - Signing Your Work

Nicolás Alarcón Rapela
  • Thank you very much Leonardo! It works!! Sorry if the question was silly, I had no idea how to solve it. – Emilio Menéndez Apr 23 '16 at 14:22
  • Excellent! Specifying the user's signing key also will get around having multiple email addresses on one key and having a mismatch between the git email and the first address on the key. – user2943160 Jun 08 '16 at 14:14
  • 1
    Is it secure to store .gitconfig with secret key in public repo? – melihovv Feb 02 '17 at 00:59
  • 1
    for the record as @melihovv asked about: — The secret key must be on your GPG keyring. Only the hash ID of that key is stored in the config. – BRPocock May 16 '17 at 14:21
  • 5
    I had to do this along with `git config --global gpg.program gpg2`. – Splaktar Sep 27 '17 at 06:06
  • 1
    I get a passphrase dialog with 1.4.22 but not with v2. As soon as I do git config --global gpg.program "C:/Program Files (x86)/GnuPG/bin/gpg.exe" it breaks and I get the no secret key errors. What to do? – Ini Sep 07 '18 at 19:34
  • This solved a very frustrating problem for me in seconds! Thank you! – Angelfirenze Apr 26 '20 at 16:49
  • BRAVO! You have to generate your own key and BOOM! – Roshan Zaid May 08 '22 at 11:49
  • This is not working at all. I think this won't solve this problem – ekibet Feb 24 '23 at 15:01
78

What worked for me was adding

```
git config --global gpg.program "C:/Program Files (x86)/GNU/GnuPG/gpg2.exe"
```

If you want to find the full path of gpg2.exe:

```
where gpg2.exe
```
Aleksandr M
paul van bladel
40

I recently found the same secret key not available error and a few more along the way, like GPG agent not found for instance.

In my case I wanted to get commits signed and showing as verified on GitHub.

Below are the complete steps to get it working on Windows 10 x64:

Install GPG

I installed GPG 2.3.1 with winget like so:

```
C:\> winget install GnuPG.GnuPG
```

Verify it with:

```
C:\> gpg --version
```

Generate GPG key

```
C:\> gpg --full-generate-key
```

  • Add your real name and e-mail, the same as used in the GitHub account.

  • The key must be at least 4096 bits.

Export the key in ASCII armor format

First list the key:

```
C:\> gpg --list-secret-keys --keyid-format=long

sec rsa4096/[short-key] 2021-06-14 [SC]
```

Then export it:

```
C:\> gpg --armor --export [short-key]
```

Copy the key including the BEGIN/END text.

```
-----BEGIN PGP PUBLIC KEY BLOCK-----
[huge-ascii-key]
-----END PGP PUBLIC KEY BLOCK-----
```

Add the GPG armor ASCII key to the GitHub account

Go to Profile > Settings > SSH and GPG keys > New GPG key

Or please follow these visual instructions.

Configure Git to sign all commits by default

```
C:\> git config --global user.signingkey [short-key]
C:\> git config --global commit.gpgsign true
C:\> git config --global gpg.program "C:/Program Files (x86)/gnupg/bin/gpg"
```

Set GPG environment variable for the GPG Agent

Check for GPG agent:

```
gpg-agent --version
```

Set the environment variable:

```
GNUPGHOME=%USERPROFILE%\AppData\Roaming\gnupg
```

Done

The resulting .gitconfig would have the user section like so:

```
[user]
    name = Your Name
    email = your@email.com
    signingkey = [short-key]
[commit]
    gpgsign = true
[gpg]
    program = C:/Program Files (x86)/gnupg/bin/gpg
```
rbento
  • 3
    thanks, this was really helpful, this should be chosen as the best answer – akmsw Jan 04 '23 at 00:43
  • 2
    it solves my problem, after reusing "C:\Program Files\Git\usr\bin\gpg.exe", declared in PATH. – Robin Loxley Jan 30 '23 at 09:45
  • For me the only thing missing was setting the GNUPGHOME environment variable, which I had to set to "%USERPROFILE%\.gnupg" because that's where it was installed by default. I created my key with the default 3072 bytes, not 4096 and it worked just fine. – Sideways S May 31 '23 at 14:47
18

I'd like to complete all these answers, because I've had many issues with this.

These examples use the --global flag, but you can remove it if you want to do these things locally.

Configure secret key in git

```
git config --global user.signingkey 35F5FFB2
```

Configure which gpg program to use in git (optional)

Some systems (Ubuntu for example) can have gpg and gpg2 at the same time. You need to specify you'll use gpg2

```
git config --global gpg.program gpg2
```

Export GPG_TTY (optional)

If you use these commands in an ssh environment, you may get the following error: `Inappropriate ioctl for device` or `gpg: échec de la signature : Ioctl() inapproprié pour un périphérique`. This can be fixed via:

```
export GPG_TTY=$(tty)
```

Auto enable GPG signing (optional)

```
git config --global commit.gpgsign true
```
LeGEC
alphayax
12

Using "C:\Program Files\Git\usr\bin\gpg.exe" was the solution for me.
Had to uninstall kleopatra. With it, it was not working.

So, summing up;

  • No need for kleopatra, use GIT default instead.

```
git config --global user.signingkey Y0URK3Y
git config --global commit.gpgsign true
git config --global gpg.program "C:\Program Files\Git\usr\bin\gpg.exe"
```

António Almeida
11

I had a situation in which the same was happening to me in a Windows 10 machine.

```
$ git commit -m "Improve logging, imports and show time executed"
gpg: signing failed: Operation cancelled
gpg: signing failed: Operation cancelled
error: gpg failed to sign the data
fatal: failed to write commit object
```

The commands `"C:\Program Files (x86)\GnuPG\bin\gpg.exe" --list-secret-keys --keyid-format LONG` and `gpg --list-secret-keys --keyid-format LONG` were giving me completely different results!

```
$ where gpg
C:\Program Files\Git\usr\bin\gpg.exe
C:\Program Files (x86)\GnuPG\bin\gpg.exe
```

The main reason was related to previous answers but on a different sense:

  • I was creating the gpg keys using the git (configured path) version of GPG
  • Git was configured to use the downloaded version of gpg for the commit.
  • Seems GPG implementations use their own certificate database and storage.

I hope this can help anyone that stumbles on this message and previous answers do not solve their issue.

will824
  • Had to add the secret key to kleopatra from the cli export, as visual studio community seems to use that by default for signing, where as the git cli used a different list/implementation and hence still worked without kleopatra. – Nithish Jun 30 '20 at 22:22
  • I copied everything from `C:\Users\USERNAME\.gnupg` to `C:\Users\USERNAME\AppData\Roaming\gnupg` and problem solved! – Mikael Dúi Bolinder Jan 09 '22 at 00:23
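
Several answers above come down to Git calling a gpg binary whose keyring does not hold the configured key. The Bash script below is an added example, not code from any of the posts; it assumes `user.signingkey` is a key ID or fingerprint, and the sample listing with its key IDs is constructed.

```shell
#!/usr/bin/env bash
# Which gpg binary holds the secret key git is configured to sign with?

# Constructed sample of `gpg --list-secret-keys --with-colons` output;
# the key IDs and fingerprint are made up for this example.
SAMPLE_LISTING='sec:u:2048:1:AAAABBBBCCCC0001:1461369600:::u:::scESC:
fpr:::::::::0123456789ABCDEF01234567AAAABBBBCCCC0001:
uid:u::::1461369600::::name (New key) <name@mail.com>:
ssb:u:2048:1:AAAABBBBDDDD0002:1461369600::::::e:'

# has_secret_key KEYID
# Reads a --with-colons secret-key listing on stdin. Returns 0 if KEYID
# (short ID, long ID or fingerprint, optional 0x prefix) is the tail of a
# sec/ssb key ID (field 5) or of a fingerprint (field 10), 1 if not,
# 2 if KEYID is shorter than a short key ID.
has_secret_key() {
  local want
  want=$(printf '%s' "${1#0x}" | tr 'a-f' 'A-F')
  [ "${#want}" -ge 8 ] || return 2
  awk -F: -v want="$want" '
    function tail_is(id) {
      return length(id) >= length(want) &&
             substr(id, length(id) - length(want) + 1) == want
    }
    ($1 == "sec" || $1 == "ssb") && tail_is($5)  { found = 1 }
    $1 == "fpr" && tail_is($10)                  { found = 1 }
    END { exit !found }'
}

# diagnose: test git's gpg.program and every gpg/gpg2 on PATH against
# user.signingkey, printing one line per binary.
diagnose() {
  local key prog
  key=$(git config --get user.signingkey) ||
    { echo "user.signingkey is not set" >&2; return 1; }
  { git config --get gpg.program; type -aP gpg gpg2; } 2>/dev/null |
    awk 'NF && !seen[$0]++' |
    while IFS= read -r prog; do
      if "$prog" --list-secret-keys --with-colons 2>/dev/null |
         has_secret_key "$key"; then
        echo "HAS KEY  $prog"
      else
        echo "NO KEY   $prog"
      fi
    done
}

# Run against the real configuration only when asked: ./script.sh --run
if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run it with `--run` from the same shell (Git Bash, or the VS Code terminal) in which `git commit` fails, since PATH and GNUPGHOME can differ between environments.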
7

You have to set the variable GNUPGHOME. Without it, GnuPG is not able to find your keys.

```
# On unix add it to your path

# On windows it will usually be under:
<drive>:\Users\<username>\AppData\Roaming\gnupg
```

On Unix it is simply adding it to the path.
On Windows you have to open the control panel and set it as

```
System Variable
  Name: GNUPGHOME
  Path: <drive>:\Users\<username>\AppData\Roaming\gnupg
```
CodeWizard
3

The following steps helped me get it fixed:

```
git config --global gpg.program "C:\Program Files (x86)\GnuPG\bin\gpg.exe"

git config --global --unset gpg.format

gpg --list-secret-keys --keyid-format=long
# this will list the keys and copy the Key-ID
```

copy the highlighted key in the first line and use in this next query as Key-ID

```
git config --global user.signingkey <Key-ID>

git config --global commit.gpgsign true
```
Ehsan Sajjad
2

I had the same problem and it was that git name and email stored in .gitconfig were different from the ones of the gpg key provided. I changed them in order to match and it started to work.

1

On Windows 11, setting the gpg.program as follows didn't work for me even though the executable exists in that location.

```
git config --global gpg.program "C:\Program Files (x86)\gnupg\bin\gpg.exe"
```

I had to set it as follows:

```
git config --global gpg.program gpg
```
Just The Highlights
1

I got this error in VS Code. I ran below command in Bash

```
git config --global commit.gpgsign false
```

Then, hit Ctrl+, and open your settings. Uncheck "Enable Commit Signing" in workspace settings if it's enabled.


Now open VS Code Terminal and execute below command

enter image description here

Close and reopen VS Code if needed. It should work now.

R15
-5

Maybe you need to clone your own repository where you have rights. I had this issue when I cloned the repository of another person.