github.com/fitzix/goreleaser@v0.92.0/www/content/sign.md

---
title: Signing
series: customization
hideFromIndex: true
weight: 60
---

GoReleaser can sign some or all of the generated artifacts. Signing ensures
that the artifacts were generated by you, and your users can verify that by
checking the generated signature against your public signing key.

Signing works in combination with checksum files, and it is generally sufficient
to sign only the checksum files.

By default, GoReleaser creates a detached signature for the checksum files
with [GnuPG](https://www.gnupg.org/) and your default key. To enable signing,
add:

```yaml
# goreleaser.yml
sign:
  artifacts: checksum
```

To customize the signing pipeline, you can use the following options:

```yml
# .goreleaser.yml
sign:
  # name of the signature file.
  # '${artifact}' is the path to the artifact that should be signed.
  #
  # signature: "${artifact}.sig"

  # path to the signature command
  #
  # cmd: gpg

  # command line arguments for the command
  #
  # to sign with a specific key use
  # args: ["-u", "<key id, fingerprint, email, ...>", "--output", "${signature}", "--detach-sign", "${artifact}"]
  #
  # args: ["--output", "${signature}", "--detach-sign", "${artifact}"]


  # which artifacts to sign
  #
  #   checksum: only checksum file(s)
  #   all:      all artifacts
  #   none:     no signing
  #
  # artifacts: none
```
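The consumer side of `artifacts: checksum`, as an added example that is not part of the GoReleaser documentation or code base: the detached signature authenticates the checksum file, and the checksum file then authenticates each artifact. It assumes a checksum file in `sha256sum` format, a signer's public key already imported into the keyring, and placeholder file names; the `GPG_CMD` variable and the `verify_release` function are hypothetical names introduced here.

```shell
# Added example: verify a release whose checksum file carries a detached
# GnuPG signature. Assumes "<sha256 hex>  <file name>" lines in the checksum
# file and file names without spaces.

GPG_CMD="${GPG_CMD:-gpg}"   # verification command (assumption: gpg on PATH)

# verify_release CHECKSUMS SIGNATURE ARTIFACT
# Returns 0 only if the signature over CHECKSUMS is good AND the artifact's
# SHA-256 equals its entry in CHECKSUMS.
#   1 = bad signature, 2 = artifact not listed, 3 = checksum mismatch
verify_release() {
  vr_checksums="$1"; vr_signature="$2"; vr_artifact="$3"

  # Step 1: authenticate the checksum file. Nothing inside it is trusted
  # until this check passes.
  if ! "$GPG_CMD" --verify "$vr_signature" "$vr_checksums" >/dev/null 2>&1; then
    echo "signature check failed for $vr_checksums" >&2
    return 1
  fi

  # Step 2: find the artifact by exact file name (a leading '*' marks
  # binary mode in sha256sum output and is stripped).
  vr_name="${vr_artifact##*/}"
  vr_expected="$(awk -v n="$vr_name" \
    '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' \
    "$vr_checksums")"
  if [ -z "$vr_expected" ]; then
    echo "$vr_name is not listed in $vr_checksums" >&2
    return 2
  fi

  # Step 3: hash the local file and compare with the signed value.
  vr_actual="$(sha256sum < "$vr_artifact" | awk '{ print $1 }')"
  if [ "$vr_actual" != "$vr_expected" ]; then
    echo "checksum mismatch for $vr_name" >&2
    return 3
  fi
  echo "OK: $vr_name"
}

# Usage (placeholder names):
#   verify_release checksums.txt checksums.txt.sig myapp_linux_amd64.tar.gz
```

`gpg --verify` accepts a good signature from any key in the keyring, so import only the publisher's key or compare the reported fingerprint with the one the publisher announces.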