Usage

Sign artifacts with GnuPG

Signs all of a project's attached artifacts with GnuPG.

You need to have previously configured the default key.

gpg also needs to be on the search path.

First you add the plugin to your pom.xml like this:

<project>
  ...
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-gpg-plugin</artifactId>
        <version>1.0</version>
        <executions>
          <execution>
            <id>sign-artifacts</id>
            <phase>verify</phase>
            <goals>
              <goal>sign</goal>
            </goals>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  ...
</project>

Then you specify the passphrase on the command line, like this:

mvn verify -Dgpg.passphrase=thephrase

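If you don't specify a passphrase, the plugin will prompt for one. Prompting keeps the passphrase out of the shell history and the process list, where a command-line argument is visible.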
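
To confirm that the sign goal produced a verifiable signature for each artifact, the build directory can be audited after `mvn verify`. This is an added example, not part of the plugin or its documentation; it assumes each signature is a detached `<artifact>.asc` file beside the artifact in `target/`, and the script name `audit-signatures.sh` is hypothetical.

```shell
# Added example, not part of the plugin. Assumption: the sign goal leaves a
# detached signature named <artifact>.asc beside each artifact in target/.
# Usage after `mvn verify`:  . ./audit-signatures.sh && audit_signatures target

# Print the artifacts in DIR that have no (or an empty) .asc signature.
unsigned_artifacts() (
  for f in "$1"/*.jar "$1"/*.war "$1"/*.pom; do
    [ -f "$f" ] || continue            # unmatched glob stays literal: skip
    [ -s "$f.asc" ] || printf '%s\n' "${f##*/}"
  done
)

# Print the signatures in DIR that gpg cannot verify against their artifact.
bad_signatures() (
  for sig in "$1"/*.asc; do
    [ -f "$sig" ] || continue
    gpg --batch --verify "$sig" "${sig%.asc}" >/dev/null 2>&1 ||
      printf '%s\n' "${sig##*/}"
  done
)

# Exit status 0 only when every artifact is signed and every signature verifies.
audit_signatures() (
  dir=${1:-target}
  command -v gpg >/dev/null 2>&1 ||
    { echo "gpg is not on the search path" >&2; return 2; }
  report=$(
    unsigned_artifacts "$dir" | sed 's/^/unsigned: /'
    bad_signatures "$dir" | sed 's/^/bad signature: /'
  )
  [ -z "$report" ] && return 0
  printf '%s\n' "$report" >&2
  return 1
)
```

Verification succeeds only if the signer's public key is in the keyring of the user running the audit.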