notebox

Sign git commits with GPG

Signing git commits gives the members of the team you work with, and anyone else who depends on the software you write, confidence that a commit was really made by you and not by an impostor.

After [Creating a GPG key pair][1], git can be configured to sign commits and tags with the generated key, like this:

git config --global user.signingkey <key-id>

Here <key-id> is the id of the key to sign with.

After this, there are three ways to make git sign commits:

  1. Add the -S flag to the commits you want to sign:

    git commit -a -S -m "Commit Message, That is signed"

  2. Configure git to sign all commits automatically for a particular repo:

    cd path/to/repo/needing/auto/signs
    git config commit.gpgsign true

  3. Configure git to sign all commits in all repos:

    git config --global commit.gpgsign true

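The whole procedure end to end, as an added example that is not part of the original post: it generates a constructed, throwaway demo key (the name, e-mail address and temp directories are assumptions), configures a scratch repository the way option 2 does, commits once without -S, and then verifies the signature the way a reviewer or CI job would.

```shell
# Added example (not from the original post). Everything happens in throwaway
# directories (a fresh GNUPGHOME holding a constructed demo key, and a fresh
# repository), so the user's real keyring and git config are never touched.
set -eu

# Generate an unattended, passphrase-less demo key in $GNUPGHOME and print its
# long key id, i.e. the <key-id> handed to git. A real key would be made with
# `gpg --full-generate-key` and protected by a passphrase.
make_demo_key() {
    gpg --batch --generate-key >/dev/null <<EOF
%no-protection
Key-Type: eddsa
Key-Curve: ed25519
Key-Usage: sign
Name-Real: Demo Signer
Name-Email: demo@example.invalid
Expire-Date: 1d
%commit
EOF
    # --with-colons gives stable output; field 5 of the "sec" line is the key id.
    gpg --list-secret-keys --keyid-format long --with-colons \
        | awk -F: '$1 == "sec" { print $5; exit }'
}

# Configure a throwaway repo exactly as option 2 does (per-repo commit.gpgsign),
# commit once without -S, then verify. Prints git's signature status for HEAD:
# "G" is a good signature from a trusted key, "N" means the commit is unsigned,
# "B" means the signature does not match the commit content.
signed_commit_demo() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    key_id=$(make_demo_key)
    repo=$(mktemp -d)
    git init -q "$repo" && cd "$repo"
    git config user.name "Demo Signer"
    git config user.email "demo@example.invalid"
    git config gpg.program gpg
    git config user.signingkey "$key_id"   # the user.signingkey step from above
    git config commit.gpgsign true         # sign every commit in this repo
    echo "hello" >README && git add README
    git commit -q -m "Signed commit"       # signed automatically, no -S needed
    git verify-commit HEAD 2>/dev/null     # exits non-zero if unsigned or bad
    git log -1 --format='%G?' HEAD
    cd / && gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$repo" "$GNUPGHOME"
}

# Usage: sh gpg-sign-demo.sh run
if [ "${1:-}" = run ]; then signed_commit_demo; fi
```

The same `git verify-commit` / `%G?` check is what to run in a review or CI step: anyone with the signer's public key in their keyring can verify the commit, but only the holder of the private key could have produced it.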

Adding the public key to the remote repository host (GitHub, GitLab) is also recommended.

References: