The sbt-pgp
plugin provides PGP signing for SBT 0.12+. Some OSS repositories (e.g. Sonatype) will require that you sign artifacts with publicly available keys prior to release. These are two of the services that sbt-pgp
provides.
Add the following to your ~/.sbt/1.0/plugins/gpg.sbt
file:
addSbtPlugin("com.jsuereth" % "sbt-pgp" % "1.1.1")
Add the following to your ~/.sbt/0.13/plugins/gpg.sbt
file:
addSbtPlugin("com.jsuereth" % "sbt-pgp" % "1.1.1")
There are two modes of use:
By default, the sbt-pgp
plugin will use the Bouncy Castle library, an implementation of PGP that is included with the plugin. It is a Java-only solution that gives the plugin great flexibility in what it can do and how it performs it.
The gpg
command-line utility which is GNU’s PGP implementation. It provides great support and is available on many platforms. You’ll need to make sure this is installed prior to usage as this dependency is not provided.
Detailed usage and configuration instructions.
To publish signed artifacts, you must use the new publishSigned
and publishLocalSigned
tasks.