Cryptographically signing Git commits made by automated workflows improves security and traceability in software development. One example is integrating Sigstore and Gitsign with Buildkite OpenID Connect (OIDC) to sign commits made by automation, so that developers and downstream processes can verify the origin and authenticity of changes. The OIDC token serves as the identity used to obtain a short-lived X.509 certificate, which Gitsign then uses to sign the commit. This reduces the risk of unauthorized code changes and strengthens the security of the software delivery lifecycle. The method is particularly useful for scheduled builds and GitOps workflows, where commits must be reliably traceable to their source pipelines. Automatic verification on popular platforms has limitations: GitHub, for example, might not show commits signed with Sigstore-generated certificates as verified. Manual verification with Gitsign is still possible, ensuring only trusted changes are deployed.
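The flow described above, sketched as shell functions for a pipeline step; this is an added example, not code from the original article or from the Sigstore or Buildkite projects. The function names are hypothetical, the `sigstore` audience and the `SIGSTORE_ID_TOKEN` variable are assumptions about how Gitsign receives the token, and the signer identity and issuer are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.
# Usage inside a pipeline step, after staging changes:
#   configure_gitsign . && sign_commit_as_pipeline . "automated update"
#   verify_pipeline_commit . "<pipeline-identity>" "<oidc-issuer>" HEAD

# Point this repository (and only this one) at gitsign for X.509 signing.
configure_gitsign() {
    repo=$1
    git -C "$repo" config --local gpg.x509.program gitsign &&
    git -C "$repo" config --local gpg.format x509 &&
    git -C "$repo" config --local commit.gpgsign true
}

# Request a job-scoped OIDC token and commit with it.
sign_commit_as_pipeline() {
    repo=$1
    message=$2
    token=$(buildkite-agent oidc request-token --audience sigstore) || return 1
    if [ -z "$token" ]; then
        echo "no OIDC token returned; not committing" >&2
        return 1
    fi
    # Assumption: gitsign reads the token from SIGSTORE_ID_TOKEN. It is set
    # for this one git invocation only, not exported to the rest of the job.
    SIGSTORE_ID_TOKEN=$token git -C "$repo" commit -m "$message"
}

# Verify a commit against a pinned signer identity and OIDC issuer.
verify_pipeline_commit() {
    repo=$1
    identity=$2
    issuer=$3
    rev=${4:-HEAD}
    if [ -z "$identity" ] || [ -z "$issuer" ]; then
        echo "identity and issuer must both be pinned" >&2
        return 2
    fi
    (cd "$repo" && gitsign verify \
        --certificate-identity="$identity" \
        --certificate-oidc-issuer="$issuer" "$rev")
}
```

Pinning both the identity and the issuer in the verify step is what ties a commit to one pipeline rather than to any holder of a valid Sigstore certificate.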