AlexanderBartash
commented
2 months ago Btw, the doc https://plugins.jetbrains.com/docs/intellij/plugin-signing.html says
A plugin author generates a key pair and ~uploads the public part to JetBrains Marketplace~ (this feature is not yet available).
It is kind of supported. In JB user profile, there is an ability to upload a public part of an SSH key, which can be also stored on YubiKey (with private key). You just need another field like that, but for signature verification, because different keys might be used for signing & auth, see https://stackoverflow.com/questions/73673920/do-i-need-authentication-as-well-as-signing-keys-on-github#:~:text=The%20difference%20between%20signing%20keys,may%20be%20added%20for%20both.
I could not find any documentation on the topic.
YubiKey allows secure storage of certificates, which can be used e.g. for signing Git commits https://developers.yubico.com/PGP/Git_signing.html or SSH auth https://developers.yubico.com/PGP/SSH_authentication/
It seems to me, it should be applicable here too.
Thank you.