Manual Metadata Management

If you prefer to manually manage gittuf’s metadata, you need to make a few changes to your current Git workflow.

First, every time you either:

  • push your commits/changes to the remote server, or,
  • make a commit/change on your local copy of the Git repository,

you need to inform gittuf about the changes that you made. To do so, for each branch that you made changes to, you run:

gittuf rsl record <branch name>

gittuf uses your signing key to sign the entry, and then adds it to the RSL.

After you have made all desired changes to your repository and are ready to push your changes to the remote server, you need to also ensure that gittuf’s metadata is also along for the ride. To that end, you may use gittuf, by running:

gittuf sync

Or, you may use Git itself to synchronize gittuf’s references:

git push <remote> refs/gittuf/*
git fetch <remote> refs/gittuf/*:refs/gittuf/*

Don’t forget to manually run gittuf verification as well! See Verifying with gittuf to see how to do this.

Next: Users Without gittuf

After reading the documentation so far, you might be wondering how users who don’t use gittuf can work on a repository that uses gittuf. Let’s see how that works in Users without gittuf.

Copyright © 2025 gittuf a Series of LF Projects, LLC. For web site terms of use, trademark policy and other project policies please see https://lfprojects.org/.
This site uses Just the Docs, a documentation theme for Jekyll.