diff --git a/GOVERNANCE.md b/GOVERNANCE.md
index bfe21ec..75612ea 100644
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -159,6 +159,9 @@ After the nominee's first prepared release has been promoted, the new releaser m
 * Open a PR in [nodejs/release-keys](https://github.com/nodejs/release-keys) to add their GPG key via `./cli.sh add $KEY_ID`.
 * Open a PR in [nodejs/Release](https://github.com/nodejs/Release) to add themselves under the "Releasers team" heading via `ncu-team sync README.md`.
 * Add them to the `#nodejs-release-private` team on the OpenJS Slack.
+* Configure git to sign all backport commits and release commits with the GPG key used to
+  sign the releases. Consider signing all commits on your local clone, e.g. with the
+  following command: `git config commit.gpgsign true`.
 
 New releasers should wait at least 2 weeks after adding a GPG key to the
 nodejs/node README credentials before signing a release.