literal:secretkey

[leonardofl]

Hello,

I'm trying to load the secret key into PGP_SECRETKEY in the follow way:

export PGP_SECRETKEY=`cat secretkey.asc`

But I'm getting the following error at mvn install:

[ERROR] Failed to execute goal org.kohsuke:pgp-maven-plugin:1.1:sign (default) on project fatiador: Invalid secret key scheme '-----BEGIN PGP PRIVATE KEY BLOCK-----
[ERROR] Version'. If this is your custom scheme, perhaps you forgot to specify it in <dependency> to this plugin?: java.util.NoSuchElementException
[ERROR]       role: org.kohsuke.maven.pgp.SecretKeyLoader
[ERROR]   roleHint: -----BEGIN PGP PRIVATE KEY BLOCK-----

I have tried also to add a "literal:" in the beginning of my secret key. What resulted:

[ERROR] Failed to execute goal org.kohsuke:pgp-maven-plugin:1.1:sign (default) on project fatiador: Invalid secret key scheme 'literal'. If this is your custom scheme, perhaps you forgot to specify it in <dependency> to this plugin?: java.util.NoSuchElementException
[ERROR]       role: org.kohsuke.maven.pgp.SecretKeyLoader
[ERROR]   roleHint: literal

My private key structure:

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1

...
B8hLNsLWwcxxxxxxxxxxxxxxxxxxxxxxeJR64Bhrz
...
-----END PGP PRIVATE KEY BLOCK-----

Digging here in the code, it looks like it is not possible to load the secret key as a literal. Is it right?

I'm trying to setup a Gitlab CI pipeline to deploy to the maven repository with JAR signatures. And I don't think committing the secret key (even it has a password) is a good practice.

Is there any recommendation?

Tks!!!

[schnatterer]

Maybe I'm two years late, but anyways, here's my workaround:

Store the private key in an env var and write it to a temp file.
The env var can be defined in your CI server.
Use base64 to avoid escaping hell.

TMP_KEY="$(mktemp)"
echo "${PK_BASE64}" | base64 -d > "${TMP_KEY}"
export PGP_SECRETKEY="keyfile:${TMP_KEY}"

I successfully implemented this using travisCI.