Signing a Release Bundle

JFrog Distribution Documentation

Products
JFrog Distribution
Content Type
User Guide
ft:sourceType
Paligo

Important

This section is relevant for Release Bundles v1 only. For information about Release Bundles v2, which were introduced in Artifactory 7.63.2 and Distribution 2.19.1, see Distribute Release Bundles (v2).Distribute Release Bundles (v2)

Signing a Release Bundle finalizes the process of creating a Release Bundle. This sets the Release Bundle status to Signed and the Release Bundle can no longer be edited.

Note

Signing a Release Bundle will trigger the Artifactory to clone the contents of the signed Release Bundle into an isolated Release Bundle Repository.Release Bundle Repositories

  1. You can sign a Release Bundle from the Edit Release Bundle page or from the New Release Bundle page.

  2. From Distribution release 2.14.1, if you are using multiple GPG signing keys in Distribution, you can now select which signing key to use in the Platform UI (previously available only from the REST API). If no key is selected, the default/primary key will be used to sign the Release Bundle.

  3. Click Sign Version.

  4. In the Sign Version window, you will see the name of the Release Bundle and its version. From the Select Signing Key dropdown, select the signing key.

    DIST_GPG-Sign-Version.png
  5. If the signing key was created with a passphrase, JFrog Distribution will prompt you to enter the passphrase.

    DIST-sign-version-with-pass.png

    Note

    Important: Once you sign a version, you will not be able to edit it.

  6. Click Sign to sign your version.

  7. Next, continue to distributing your Release Bundle when ready.