Signing artifacts
We can digitally sign artifacts in Gradle with the signing plugin. The plugin supports generating Pretty Good Privacy (PGP) signatures. This signature format is also required for publication to Maven Central Repository. To create a PGP signature, we must install a few PGP tools on our computer. Installation of the tools is different for each operating system. On Unix-like systems, the software is probably available via a package manager. With the PGP software, we need to create a key pair that we can use to sign artifacts.
To sign artifacts, we must apply the signing plugin to our project. Then we must configure the plugin using a signing
configuration block. We need to at least add information about our PGP key pair. We need ...
Get Gradle Dependency Management now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.