gpg no default secret key error using maven
I am trying to publish my maven project in the Central Repository and I need to sign my artifacts. I have downloaded and installed gpg and created my keyring. When I run a "maven clean deploy" in Eclipse, I get the following error:
gpg: no default secret key: No secret key
gpg: signing failed: No secret key
I have searched online and I am not sure what to do. The only reference about gpg in my pom.xml file is
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-gpg-plugin</artifactId>
<version>1.5</version>
<executions>
<execution>
<id>sign-artifacts</id>
<phase>verify</phase>
<goals>
<goal>sign</goal>
</goals>
</execution>
</executions>
</plugin>
Thanks!
Solution 1:
I just encountered the same error message. In my case it was caused by the key being expired as this command shows:
six-58:tmp hot$ gpg --list-keys
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
/Users/hot/.gnupg/pubring.gpg
-----------------------------
pub 2048R/236D3BEF 2016-12-30 [expired: 2018-12-30]
uid Holger Thurow <[email protected]>
Note the "[expired: 2018-12-30]".
This is what I did to solve the problem:
six-58:tmp hot$ gpg --edit-key 236D3BEF
gpg (GnuPG) 1.4.19; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Secret key is available.
pub 2048R/236D3BEF created: 2016-12-30 expired: 2018-12-30 usage: SC
trust: ultimate validity: expired
sub 2048R/450709B5 created: 2016-12-30 expired: 2018-12-30 usage: E
[ expired] (1). Holger Thurow <[email protected]>
gpg> 1
pub 2048R/236D3BEF created: 2016-12-30 expired: 2018-12-30 usage: SC
trust: ultimate validity: expired
sub 2048R/450709B5 created: 2016-12-30 expired: 2018-12-30 usage: E
[ expired] (1)* Holger Thurow <[email protected]>
gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a passphrase to unlock the secret key for
user: "Holger Thurow <[email protected]>"
2048-bit RSA key, ID 236D3BEF, created 2016-12-30
pub 2048R/236D3BEF created: 2016-12-30 expires: never usage: SC
trust: ultimate validity: ultimate
sub 2048R/450709B5 created: 2016-12-30 expired: 2018-12-30 usage: E
[ultimate] (1)* Holger Thurow <[email protected]>
gpg> save
See "Dealing with Expired Keys" described in detail here.
Solution 2:
You cannot sign artifacts because you have no GPG key. The solution is to create one.
Solution 3:
This questions was asked a long time ago and I cannot remember exactly what I did to fix it. I do remember I had a spelling mistake in my settings.xml file. This is what I changed in my file:
<profile>
<id>sign</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<gpg.passphrase>password</gpg.passphrase>
</properties>
</profile>
This now works.