gpg no default secret key error using maven

Question

I am trying to publish my maven project in the Central Repository and I need to sign my artifacts. I have downloaded and installed gpg and created my keyring. When I run a "maven clean deploy" in Eclipse, I get the following error:

gpg: no default secret key: No secret key
gpg: signing failed: No secret key

I have searched online and I am not sure what to do. The only reference about gpg in my pom.xml file is

    <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-gpg-plugin</artifactId>
        <version>1.5</version>
        <executions>
            <execution>
                <id>sign-artifacts</id>
                <phase>verify</phase>
                <goals>
                    <goal>sign</goal>
                </goals>
            </execution>
        </executions>
    </plugin>   

Thanks!

Answer 1

I just encountered the same error message. In my case it was caused by the key being expired as this command shows:

six-58:tmp hot$ gpg --list-keys
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
/Users/hot/.gnupg/pubring.gpg
-----------------------------
pub   2048R/236D3BEF 2016-12-30 [expired: 2018-12-30]
uid                  Holger Thurow <[email protected]>

Note the "[expired: 2018-12-30]".

This is what I did to solve the problem:

six-58:tmp hot$ gpg --edit-key 236D3BEF
gpg (GnuPG) 1.4.19; Copyright (C) 2015 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Secret key is available.

pub  2048R/236D3BEF  created: 2016-12-30  expired: 2018-12-30  usage: SC  
                     trust: ultimate      validity: expired
sub  2048R/450709B5  created: 2016-12-30  expired: 2018-12-30  usage: E   
[ expired] (1). Holger Thurow <[email protected]>

gpg> 1

pub  2048R/236D3BEF  created: 2016-12-30  expired: 2018-12-30  usage: SC  
                     trust: ultimate      validity: expired
sub  2048R/450709B5  created: 2016-12-30  expired: 2018-12-30  usage: E   
[ expired] (1)* Holger Thurow <[email protected]>

gpg> expire
Changing expiration time for the primary key.
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

You need a passphrase to unlock the secret key for
user: "Holger Thurow <[email protected]>"
2048-bit RSA key, ID 236D3BEF, created 2016-12-30


pub  2048R/236D3BEF  created: 2016-12-30  expires: never       usage: SC  
                     trust: ultimate      validity: ultimate
sub  2048R/450709B5  created: 2016-12-30  expired: 2018-12-30  usage: E   
[ultimate] (1)* Holger Thurow <[email protected]>

gpg> save

See "Dealing with Expired Keys" described in detail here.

Answer 2

You cannot sign artifacts because you have no GPG key. The solution is to create one.