sbt-0.10 plugin to sign artifacts on publish (e.g., with pgp).
Switch branches/tags
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


Use instead.

Enables Ivy detached signature generators in sbt. Useful to meet the Maven Central requirement that each plugin is signed with GPG. When this plugin is enabled, all artifacts will be published with a *.asc signature.

How to use

I use it as a global plugin. This prevents it from cluttering up the build for those who aren't publishing to Maven Central and makes it easy to keep my secret key secret.

  1. Upgrade to at least sbt-0.10.1.

  2. Create `~/.sbt/plugins/project/build.scala'

     import sbt._
     import sbt.Keys._
     object PluginDef extends Build {
       override val projects = Seq(root)
       lazy val root = Project("plugins", file(".")) dependsOn (signerPlugin)
       lazy val signerPlugin = uri("git://")
  3. Create ~/.sbt/plugins/SignerPluginConfig.scala

     import sbt._
     import sbt.Keys._
     import com.rossabaker.sbt.signer.SignerPlugin
     import SignerPlugin.Keys._
     object SignerPluginConfig extends Plugin {
       override lazy val settings = Seq(
         signatureGenerator := Some(SignerPlugin.OpenPgpSignatureGenerator(
           name = "sbt-pgp", 
           password = "****"))) ++ SignerPlugin.signerSettings
  4. Download the Bouncy Castle Java Cryptography Libraries and put them in $HOME/share/java/.

  5. [non-conformists only] If you chose a BouncyCastle other than 1.46, or didn't put them in $HOME/share/java, declare them in your build:

     override lazy val settings = Seq(
       bouncyCastleLibraries in Global := Seq(
         "my" / "bizarre" / "location" / "bcprov.jar",
         "my" / "bizarre" / "location" / "bcpg.jar",
     ) ++ SignerPlugin.signerSettings

Cruft warning

This project dynamically augments sbt's classpath when the project is loaded. The BouncyCastle jars are copied to project/boot/scala-*/org.scala-tools.sbt/sbt/*/extra/. If you choose to stop using this plugin, you will want to do a reboot full.


  • Resolve the BouncyCastle libraries with Ivy to obviate steps 4 and 5.