https://git-scm.com/docs/git-config#Documentation/git-config.txt-gpgsshdefaultKeyCommand This command that will be run when user.signingkey is not set and a ssh signature is requested. On successful exit a valid ssh public key prefixed with key:: is expected in the first line of its output. This allows for a script doing a dynamic lookup of the correct public key when it is impractical to statically configure user.signingKey. For example when keys or SSH Certificates are rotated frequently or selection of the right key depends on external factors unknown to git. --- The command does not actually work (for me, git version 2.42.0) with key:: prefixed. It only works if I cat the public key as-is. I only figured this out because the docs previously said it took the format of ssh-add -L, which also doesn't not contain key::. I am using this script for my "dynamic" key discovery: #!/bin/sh f=$(ssh -G $(git remote get-url $(git remote|head -1)|awk -F':' '{ print $1 }') |grep -E '^identityfile'|sed 's#^identityfile ##g') cat $(eval realpath ${f}.pub) Thanks, Matt
