Background
The export rule only supports gpg_sign option which requires the gpg binary to be installed on the machine and set up correctly. This doesn't fit the need if we want to build, sign and release artifacts through our CI builder. In that use case, we should use OpenPGP in memory signing and keep the signing key and pwd inside Jenkins job as a secret env variable.
Background The export rule only supports
gpg_sign
option which requires thegpg
binary to be installed on the machine and set up correctly. This doesn't fit the need if we want to build, sign and release artifacts through our CI builder. In that use case, we should use OpenPGP in memory signing and keep the signing key and pwd inside Jenkins job as a secret env variable.