Describe the feature
The PGP public key used to verify AWS CLI v2 release artifacts (.zip + .zip.sig) is set to expire on 2026-07-07:
Type: RSA 4096
Created: 2019-09-18
Expires: 2026-07-07
User ID: AWS CLI Team [aws-cli@amazon.com](mailto:aws-cli@amazon.com)
Fingerprint: FB5D B77F D5C1 18B8 0511 ADA8 A631 0ACC 4672 475C
Use Case
As of 2026-07-06, the installation docs page still lists the same key with no updated expiry and no new key or self-signature extension has been published yet.
This is the same key previously reported in #9513 — expiry was extended at that time from 2025-07-24 to 2026-07-07 via a self-signature update on the existing keypair (not a new key rotation).
Any CI/CD pipeline that pins the GPG fingerprint for artifact verification will start failing after expiry. A heads-up or timeline for key renewal/rotation would help teams plan accordingly.
Proposed Solution
Either:
- Extend the key expiry via a new self-signature (as done previously), or
- Rotate to a new keypair and update the docs page accordingly
Acknowledgements
CLI version used
aws-cli/2.x
Describe the feature
The PGP public key used to verify AWS CLI v2 release artifacts (
.zip+.zip.sig) is set to expire on 2026-07-07:Use Case
As of 2026-07-06, the installation docs page still lists the same key with no updated expiry and no new key or self-signature extension has been published yet.
This is the same key previously reported in #9513 — expiry was extended at that time from 2025-07-24 to 2026-07-07 via a self-signature update on the existing keypair (not a new key rotation).
Any CI/CD pipeline that pins the GPG fingerprint for artifact verification will start failing after expiry. A heads-up or timeline for key renewal/rotation would help teams plan accordingly.
Proposed Solution
Either:
Acknowledgements
CLI version used
aws-cli/2.x