Description
Opened on Sep 18, 2023
What would you like Teleport to do?
Add support for signing Git commits using SSH certificates issued by Teleport's user CA (or alternatively, maybe use another internally-managed Teleport CA which can be rotated independently of others).
What problem does this solve?
GPG signatures are the current standard for signing commits, but distributing GPG trust can be hard without signing parties. Verifiably asserting that the author of a given commit was in possession of an SSH certificate issued by a trusted Teleport CA provides a better way to bootstrap this trust.
If a workaround exists, please include it.
This may be supported already, in which case this issue is related to testing the workflow end to end and creating documentation for users and cluster admins on how to do it reliably.
References
https://sayr.us/git/ssh-sign-ca
https://agwa.name/blog/post/ssh_signatures
git/git#1041
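For context, this is how stock Git and OpenSSH express trust in an SSH CA for commit signatures, independent of Teleport. It is an added example, not part of the original issue or of Teleport's code; all paths, the principal pattern and the CA key are placeholders, and whether Teleport-issued certificates work with it is what the issue asks to test.

```ini
# ~/.gitconfig on a machine that verifies commits (constructed example)
[gpg]
	format = ssh
[gpg "ssh"]
	# Hypothetical path; the file lists who may sign, one entry per line.
	allowedSignersFile = ~/.config/git/allowed_signers

# Contents of that allowed_signers file: one line trusting a CA instead of
# individual user keys. Principal pattern and key are placeholders:
#
#   *@example.com cert-authority,namespaces="git" ssh-ed25519 <CA-PUBLIC-KEY-PLACEHOLDER>
#
# cert-authority   : the listed key is a CA. A signature made with a
#                    certificate is accepted only if that CA signed the
#                    certificate and the signer identity matches both the
#                    pattern in column one and a principal in the certificate.
# namespaces="git" : restricts this entry to Git signatures, so the CA trust
#                    does not extend to other ssh-keygen -Y signature uses.
#
# Rotating the CA means replacing this one line, not every developer's key.

# Signing side. Assumptions: the certificate path is hypothetical and the
# matching private key is available to ssh-keygen, for example via ssh-agent.
[user]
	signingKey = ~/.ssh/id_ed25519-cert.pub
[commit]
	gpgSign = true
```

With this in place, `git log --show-signature` or `git verify-commit <commit>` reports whether a commit's SSH signature chains to the listed CA.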