Usage
Some brief examples on how to use this plugin.
Signing a project artifact and attachments
If you need to sign a project artifact and all attached artifacts, just configure the sign goal appropriately in your pom.xml for the signing to occur automatically during the package phase.
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>sign</id>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>/path/to/the/keystore</keystore>
<alias>Alias name</alias>
<storepass>Store password</storepass>
<keypass>Key password</keypass>
</configuration>
</plugin>
...
</plugins>
</build>
...
</project>Since version 1.3 you can encrypt keypass and storepass using the maven encryption mechanism.
Verifying the signature of a project artifact and attachments
If you need to verify the signatures of a project artifact and all attached artifacts, just configure the verify goal appropriately in your pom.xml for the verification to occur automatically during the verify phase.
<project>
...
<build>
<plugins>
...
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jarsigner-plugin</artifactId>
<version>3.1.0</version>
<executions>
<execution>
<id>verify</id>
<goals>
<goal>verify</goal>
</goals>
</execution>
</executions>
<configuration>
<verbose>true</verbose>
<certs>true</certs>
</configuration>
</plugin>
...
</plugins>
</build>
...
</project>How to disable attachment processing
mvn ... -Djarsigner.attachments=false
How to disable the Jarsigner Plugin
mvn ... -Djarsigner.skip=true
For full documentation, please see the respective goal documentation.
How to use encrypted password
Since version 1.3, you can pass to the plugin some password encrypted by the maven encryption mechanism.