| title | Disabling persistent commit verification | |||||
|---|---|---|---|---|---|---|
| shortTitle | Disable persistent commit verification | |||||
| intro | You can disable persistent commit verification on {% data variables.product.prodname_ghe_server %} to reduce disk usage. | |||||
| versions |
|
|||||
| type | how_to | |||||
| topics |
|
|||||
| permissions | Site administrators |
When persistent commit verification is enabled, {% data variables.product.prodname_ghe_server %} stores a verification record alongside each commit when its signature is verified. This record ensures that verified commits maintain their verification status even if signing keys are later rotated, expired, or revoked. For more information about persistent commit verification, see AUTOTITLE.
By default, persistent commit verification is enabled on {% data variables.product.prodname_ghe_server %} 3.17 and later.
Each verified commit requires approximately 80 bytes of storage. For large installations with a large number of verified commits (e.g., hundreds of thousands or more), you may want to disable this feature to limit data growth.
You can disable persistent commit verification for {% data variables.location.product_location %}.
-
In the administrative shell, run the following command.
ghe-config app.persist-commit-signature-verification.enabled false -
Apply the configuration.
ghe-config-apply
If you previously disabled persistent commit verification, you can re-enable it.
-
In the administrative shell, run the following command.
ghe-config app.persist-commit-signature-verification.enabled true -
Apply the configuration.
ghe-config-apply