{"id":23756786,"url":"https://github.com/s4u/sign-maven-plugin","last_synced_at":"2025-05-12T17:24:26.987Z","repository":{"id":38631272,"uuid":"321468565","full_name":"s4u/sign-maven-plugin","owner":"s4u","description":"Maven plugin which creates Open PGP / GPG signatures for all of the project's artifacts","archived":false,"fork":false,"pushed_at":"2025-04-11T23:55:11.000Z","size":986,"stargazers_count":48,"open_issues_count":12,"forks_count":7,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-12T00:31:09.115Z","etag":null,"topics":["hacktoberfest","java","maven","maven-plugin","pgp-signature"],"latest_commit_sha":null,"homepage":"https://www.simplify4u.org/sign-maven-plugin/","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/s4u.png","metadata":{"funding":{"github":"slawekjaranowski"},"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-12-14T20:45:45.000Z","updated_at":"2025-04-11T23:55:15.000Z","dependencies_parsed_at":"2024-06-28T01:32:42.691Z","dependency_job_id":"178ff964-2a91-4a97-b334-9e9f8358a762","html_url":"https://github.com/s4u/sign-maven-plugin","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s4u%2Fsign-maven-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s4u%2Fsign-maven-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s4u%2Fsign-maven-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/s4u%2Fsign-maven-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/s4u","download_url":"https://codeload.github.com/s4u/sign-maven-plugin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253785498,"owners_count":21963977,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","java","maven","maven-plugin","pgp-signature"],"created_at":"2024-12-31T19:19:02.844Z","updated_at":"2025-05-12T17:24:26.955Z","avatar_url":"https://github.com/s4u.png","language":"Java","funding_links":["https://github.com/sponsors/slawekjaranowski"],"categories":[],"sub_categories":[],"readme":"# Sign Maven Plugin \n[![Build](https://github.com/s4u/sign-maven-plugin/workflows/Build/badge.svg)](https://github.com/s4u/sign-maven-plugin/actions?query=workflow%3ABuild)\n[![Reproducible Builds](https://img.shields.io/badge/Reproducible_Builds-ok-success?labelColor=1e5b96)](https://github.com/jvm-repo-rebuild/reproducible-central#org.simplify4u.plugins:sign-maven-plugin)\n[![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.simplify4u.plugins/sign-maven-plugin/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.simplify4u.plugins/sign-maven-plugin)\n\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=org.simplify4u.plugins%3Asign-maven-plugin\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=org.simplify4u.plugins%3Asign-maven-plugin)\n[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=org.simplify4u.plugins%3Asign-maven-plugin\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=org.simplify4u.plugins%3Asign-maven-plugin)\n[![Lines of Code](https://sonarcloud.io/api/project_badges/measure?project=org.simplify4u.plugins%3Asign-maven-plugin\u0026metric=ncloc)](https://sonarcloud.io/dashboard?id=org.simplify4u.plugins%3Asign-maven-plugin)\n\nCreates Open PGP / GPG signatures for all of the project's artifacts\nwithout any external software.\n\nThis plugin can replace **maven-gpg-plugin** in an easy way and provide new features.\n\n# Feature \n\n - all the signing operations are done using `Bouncy Castle`\n - support Maven `3.6` and is ready for next version `4.0` of Maven\n - support `subkey` for signing\n - easy to use on CI system, configuration can be provided by environment variables\n - key passphrase can be encrypted by standard Maven [Password Encryption](https://maven.apache.org/guides/mini/guide-encryption.html)\n - no needed store private key on CI system - you can use key from environment variable\n\n# Key prepare\n    \nPlease look at our [tutorial](https://www.simplify4u.org/sign-maven-plugin/key-prepare.html)\n\n# Usage\n## Key configuration provided in pom\n\n```xml\n\u003cplugins\u003e\n    \u003cplugin\u003e\n        \u003cgroupId\u003eorg.simplify4u.plugins\u003c/groupId\u003e\n        \u003cartifactId\u003esign-maven-plugin\u003c/artifactId\u003e\n        \u003cversion\u003e\u003c!-- check releases page --\u003e\u003c/version\u003e\n        \u003cexecutions\u003e\n            \u003cexecution\u003e\n                \u003cgoals\u003e\n                    \u003cgoal\u003esign\u003c/goal\u003e\n                \u003c/goals\u003e\n                \u003cconfiguration\u003e\n                    \u003ckeyId\u003e\u003c!-- key id in hex --\u003e\u003c/keyId\u003e\n                    \u003ckeyPass\u003e\u003c!-- private key passphrase --\u003e\u003c/keyPass\u003e\n                    \u003ckeyFile\u003e\u003c!-- private key file location --\u003e\u003c/keyFile\u003e\n                \u003c/configuration\u003e\n            \u003c/execution\u003e\n        \u003c/executions\u003e\n    \u003c/plugin\u003e\n    ...\n\u003c/plugins\u003e\n```\n\n## Key configuration provided in environment variables\n\nKey configuration can be provided by environment variables: `SIGN_KEY`, `SIGN_KEY_ID`, `SIGN_KEY_PASS`.\n\nWhen using environment variables for configuration, `SIGN_KEY` - must contain private key content - not file path for key\n\nSo your pom configuration can be simplified to:\n\n```xml\n\u003cplugins\u003e\n    \u003cplugin\u003e\n        \u003cgroupId\u003eorg.simplify4u.plugins\u003c/groupId\u003e\n        \u003cartifactId\u003esign-maven-plugin\u003c/artifactId\u003e\n        \u003cversion\u003e\u003c!-- check releases page --\u003e\u003c/version\u003e\n        \u003cexecutions\u003e\n            \u003cexecution\u003e\n                \u003cgoals\u003e\n                    \u003cgoal\u003esign\u003c/goal\u003e\n                \u003c/goals\u003e\n            \u003c/execution\u003e\n        \u003c/executions\u003e\n    \u003c/plugin\u003e\n    ...\n\u003c/plugins\u003e\n```\n\n# Documentations\n\nYou can find more information about configuration options on the site:\n\nhttps://www.simplify4u.org/sign-maven-plugin/\n\n# Testing latest snapshot version\n\nEach build of current version is deployed to sonatype snapshots repository.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs4u%2Fsign-maven-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fs4u%2Fsign-maven-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fs4u%2Fsign-maven-plugin/lists"}