I have a GPG key set up to do most of my Git work. This way, everyone can safely
assume that the commits and tags I am pushing were actually made by me. I have
configured my global ~/.gitconfig file in such a way that every commit I do is
automagically signed with my GPG key:

[commit]
    gpgsign = true

However, it is not possible (as far as I know) to automagically sign tags with my GPG key in this way. So I use the following command to create signed (and annotated) tags in Git:
$ git tag -s v3.4.0 -m 'Version 3.4.0'
After this, you of course have to push the tags to your remote:
$ git push --tags
And that’s it!
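
To check that the tags in a repository really were created with -s, the following added example (not part of the original post) classifies each tag as lightweight, annotated but unsigned, or signed, and runs git verify-tag on the signed ones. The function names classify_tag and audit_tags are made up for this example.

```shell
#!/bin/sh
# Added example: audit the tags of a repository for GPG signatures.

# Print the kind of a tag: lightweight, annotated-unsigned or signed.
# "signed" only means the tag object carries a PGP signature block;
# whether that signature is valid is checked in audit_tags.
classify_tag() {
    repo=$1 tag=$2
    type=$(git -C "$repo" cat-file -t "refs/tags/$tag") || return 2
    if [ "$type" != tag ]; then
        echo lightweight          # plain ref, there is no tag object to sign
    elif git -C "$repo" cat-file tag "refs/tags/$tag" |
            grep -q '^-----BEGIN PGP SIGNATURE-----'; then
        echo signed
    else
        echo annotated-unsigned   # created with -a instead of -s
    fi
}

# Print "<tag> <status>" for every tag. Returns non-zero if any tag is
# unsigned or its signature does not verify against the local keyring.
audit_tags() {
    repo=$1 rc=0
    for tag in $(git -C "$repo" for-each-ref --format='%(refname:short)' refs/tags); do
        kind=$(classify_tag "$repo" "$tag")
        if [ "$kind" = signed ]; then
            git -C "$repo" verify-tag "$tag" >/dev/null 2>&1 ||
                kind=signed-but-unverified
        fi
        echo "$tag $kind"
        [ "$kind" = signed ] || rc=1
    done
    return $rc
}
```

Calling audit_tags with the path of a clone prints one line per tag; a status other than "signed" means the tag was not made with -s or its signature could not be verified with the keys in your keyring.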