How can I use GoReleaser to sign a binary with a GPG key that requires a passphrase

Question

So it looks like Terraform recommends this config for GoReleaser, when I looked at it, there's nothing that uses sign parameter or something, does it mean that every project that uses this GoReleaser config uses an open GPG key then?

GoReleaser does not support signing binaries with a GPG key that requires a passphrase.

source: https://www.terraform.io/docs/registry/providers/publishing.html

score 1 · Answer 1 · answered Oct 19 '21 at 14:05

You can probably provide the password using the stdin property, e.g.:

signs:
  - artifacts: checksum
    args:
      - "--batch"
      - "--local-user"
      - "{{ .Env.GPG_FINGERPRINT }}"
      - "--output"
      - "${signature}"
      - "--detach-sign"
      - "${artifact}"
    stdin: '{{ .Env.GPG_PASSWORD }}'

How can I use GoReleaser to sign a binary with a GPG key that requires a passphrase

1 Answers1