Skip to main content

Disabling persistent commit verification

Who can use this feature?

Site administrators

When persistent commit verification is enabled, Enterprise Server stores a verification record alongside each commit when its signature is verified. This record ensures that verified commits maintain their verification status even if signing keys are later rotated, expired, or revoked. For more information about persistent commit verification, see About commit signature verification.

By default, persistent commit verification is enabled on Enterprise Server 3.17 and later.

Each verified commit requires approximately 80 bytes of storage. For large installations with a large number of verified commits (e.g., hundreds of thousands or more), you may want to disable this feature to limit data growth.

You can disable persistent commit verification for your Enterprise Server instance.

  1. In the administrative shell, run the following command.

    Bash
    ghe-config app.persist-commit-signature-verification.enabled false
    
  2. Apply the configuration.

    Bash
    ghe-config-apply
    

If you previously disabled persistent commit verification, you can re-enable it.

  1. In the administrative shell, run the following command.

    Bash
    ghe-config app.persist-commit-signature-verification.enabled true
    
  2. Apply the configuration.

    Bash
    ghe-config-apply