diff --git a/.chezmoi.yaml.tmpl b/.chezmoi.yaml.tmpl
index f89f2fb..de6798d 100644
--- a/.chezmoi.yaml.tmpl
+++ b/.chezmoi.yaml.tmpl
@@ -10,6 +10,7 @@
 {{- $email := "" -}}
 {{- $workEmail := "" -}}
 {{- $npmToken := "" -}}
+{{- $signingKey := "" -}}
 
 {{- if and (not $businessUse) $hasOp -}}
 {{-   $name = onepasswordRead "op://Dotfiles/Git/name" -}}
@@ -23,6 +24,10 @@
 {{-   end -}}
 {{- end -}}
 
+{{- if $hasOp -}}
+{{-   $signingKey = onepasswordRead "op://Dotfiles/Git/signing_key" -}}
+{{- end -}}
+
 data:
   osid: {{ $osID | quote }}
   business_use: {{ $businessUse }}
@@ -33,6 +38,7 @@ data:
   email: {{ $email | quote }}
   work_email: {{ $workEmail | quote }}
   npm_token: {{ $npmToken | quote }}
+  signing_key: {{ $signingKey | quote }}
 
   # Auto tmux on terminal startup
   auto_tmux: true
diff --git a/dot_config/git/main.tmpl b/dot_config/git/main.tmpl
index e1bd14b..b4189d8 100644
--- a/dot_config/git/main.tmpl
+++ b/dot_config/git/main.tmpl
@@ -1,6 +1,25 @@
 [user]
   name = {{ .name }}
   email = {{ .email }}
+{{- if .signing_key }}
+  signingkey = {{ .signing_key }}
+{{- else }}
+  signingkey = ~/.ssh/id_github.pub
+{{- end }}
+
+[commit]
+  gpgsign = true
+
+[tag]
+  gpgsign = true
+
+[gpg]
+  format = ssh
+{{- if eq .chezmoi.os "darwin" }}
+
+[gpg "ssh"]
+  program = /Applications/1Password.app/Contents/MacOS/op-ssh-sign
+{{- end }}
 
 [core]
   editor = nvim