...

DigiCert recommends using its custom PKCS#11 implementation with the maven-jarsigner-plugin to automate the JAR signing process: https://docs.digicert.com/deen/digicert-one/secure-softwaresoftware-trust-manager/cisigning-cd-integrations/maven-integrationtools/sign-java-files-with-jarsigner-using-pkcs11-integration.html. (ASF INFRA also has some recommendations at https://infra.apache.org/digicert-use.html, but those are primarily targeted at signing Windows applications at the moment.)

...

All secrets were created by INFRA in the context of INFRA-23844. These are:


| # | Environment Variable | Description | Jenkins Credentials ID |
|---|---|---|---|
| 1 | SM_API_KEY | The API token generated as outlined at https://docs.digicert.com/de/digicert-one/secure-software-manager/ci-cd-integrations/maven-integration-with-pkcs11.html. The token is bound to a service user created by INFRA (https://one.digicert.com/account/access/service-user/0f81f60f-ad92-469e-8db0-4ed91f9b0f55) | sling-digicert-pkcs-api-key (https://ci-builds.apache.org/job/Sling/credentials/store/folder/domain/_/credential/sling-digicert-pkcs-api-key/) |
| 2 | SM_CLIENT_CERT_FILE | The path to the certificate to use for the client authentication. The certificate is bound to a service user created by INFRA (https://one.digicert.com/account/access/service-user/0f81f60f-ad92-469e-8db0-4ed91f9b0f55) | |
| 3 | SM_CLIENT_CERT_PASSWORD | The password of the certificate to use for the client authentication | sling-digicert-pkcs-cert-pw (https://ci-builds.apache.org/job/Sling/credentials/store/folder/domain/_/credential/sling-digicert-pkcs-cert-pw/) |
| 4 | SM_HOST | https://clientauth.one.digicert.com (has to be set explicitly as the default host does not allow authentication with SM_CLIENT_CERT_FILE) | n/a |
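
A build step can verify these four variables before the signing plugin runs, so a misconfigured agent fails early with a clear message instead of a PKCS#11 error. The following is an added example, not part of the Sling build or DigiCert's tooling; the function name `check_signing_env` and the world-readable file check are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for the signing variables in the table above.
# Diagnostics name the variable only; secret values are never printed.

# Host value given in the table (the default host does not accept
# authentication with SM_CLIENT_CERT_FILE).
EXPECTED_SM_HOST="https://clientauth.one.digicert.com"

# Hypothetical helper: returns 0 if the environment is usable, 1 otherwise.
check_signing_env() {
    rc=0

    # 1. All four variables must be set and non-empty.
    for name in SM_API_KEY SM_CLIENT_CERT_FILE SM_CLIENT_CERT_PASSWORD SM_HOST; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "signing preflight: $name is not set" >&2
            rc=1
        fi
    done

    # 2. SM_HOST must be the client-authentication host.
    if [ -n "${SM_HOST:-}" ] && [ "$SM_HOST" != "$EXPECTED_SM_HOST" ]; then
        echo "signing preflight: SM_HOST must be $EXPECTED_SM_HOST" >&2
        rc=1
    fi

    # 3. The client certificate must be a readable regular file.
    if [ -n "${SM_CLIENT_CERT_FILE:-}" ]; then
        if [ ! -f "$SM_CLIENT_CERT_FILE" ] || [ ! -r "$SM_CLIENT_CERT_FILE" ]; then
            echo "signing preflight: SM_CLIENT_CERT_FILE is not a readable file" >&2
            rc=1
        # Added hardening check (an assumption, not a requirement on the page):
        # reject a certificate file that other users on the agent can read.
        elif [ -n "$(find "$SM_CLIENT_CERT_FILE" -prune -perm -004)" ]; then
            echo "signing preflight: SM_CLIENT_CERT_FILE is world-readable" >&2
            rc=1
        fi
    fi

    unset value
    return "$rc"
}
```

Call `check_signing_env || exit 1` in the build step that precedes signing.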

Integration in Tycho P2 Repository Build

...