Sign Maven Plugin allows you to create OpenPGP signatures for all of the project’s artifacts without any external software.

This plugin can easily replace maven-gpg-plugin and provides new features.


  • all the signing operations are done using Bouncy Castle
  • supports Maven 3.6 and is ready for the next Maven versions, 3.7/4.0, with Consumer POM
  • supports subkeys for signing
  • easy to use on CI systems: configuration can be provided through environment variables
  • key passphrase can be encrypted with standard Maven Password Encryption