Maven GPG Plugin

This plugin signs all of the project's attached artifacts with GnuPG.

Goals Overview

  • gpg:sign Sign project artifact, the POM, and attached artifacts with GnuPG for deployment.
  • gpg:sign-and-deploy-file Signs artifacts and installs the artifact in the remote repository.

Usage

General instructions on how to use the GPG Plugin can be found on the usage page. Some more specific use cases are described in the examples given below. Last but not least, users occasionally contribute additional examples, tips or errata to the plugin's wiki page.

In case you still have questions regarding the plugin's usage, please have a look at the FAQ and feel free to contact the user mailing list. The posts to the mailing list are archived and could already contain the answer to your question as part of an older thread. Hence, it is also worth browsing/searching the mail archive.

If you feel like the plugin is missing a feature or has a defect, you can fill a feature request or bug report in our issue tracker. When creating a new issue, please provide a comprehensive description of your concern. Especially for fixing bugs it is crucial that the developers can reproduce your problem. For this reason, entire debug logs, POMs or most preferably little demo projects attached to the issue are very much appreciated. Of course, patches are welcome, too. Contributors can check out the project from our source repository and will find supplementary information in the guide to helping with Maven.

Examples

To provide you with better understanding of some usages of the GPG Plugin, you can take a look at the following example: