The sbt-pgp plugin provides PGP signing for SBT 0.12+. Some OSS repositories (e.g. Sonatype) will require that you sign artifacts with publicly available keys prior to release. These are two of the services that sbt-pgp provides.

Installation

For sbt 0.13.5+:

Add the following to your ~/.sbt/0.13/plugins/gpg.sbt file:

addSbtPlugin("com.jsuereth" % "sbt-pgp" % "1.0.0")

For sbt 0.13.x:

Add the following to your ~/.sbt/0.13/plugins/gpg.sbt file:

addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3")

For sbt 0.12.x:

Add the following to your ~/.sbt/plugins/gpg.sbt file:

addSbtPlugin("com.typesafe.sbt" % "sbt-pgp" % "0.8.3")

Usage

There are two modes of use:

Detailed usage and configuration instructions.

To publish signed artifacts, you must use the new publish-signed and publish-local-signed tasks. sbt-pgp no longer wires in to the default publish and publish-local tasks of SBT.