Normally you'll be using shared organisation-wide credentials, but if you need to rotate those credentials, or just create some new ones for your organisation:
As of mid-June 2024, the Sonatype release API now requires token authentication, and the old authentication method using the Nexus UI username & password no longer works.
Note these points:
- The token is in a colon-separated username/password format (eg
u5erNam3:pA55w0rd), and both username & password are randomised & revocable secret strings. - Tokens generated on either https://oss.sonatype.org/ or https://s01.oss.sonatype.org/ will be different, and
a token generated on one will not work on the other. So, eg, if your
SONATYPE_CREDENTIAL_HOSTiss01.oss.sonatype.org, you'll need to use a token generated ons01.oss.sonatype.org. Remember that theSONATYPE_CREDENTIAL_HOSTyou use is dictated by which Sonatype OSSRH server your profile is hosted on.
Guardian developers: currently the Guardian'scom.guprofile is hosted on https://oss.sonatype.org/, so our token use must be generated there, logged in with theguardian.automated.maven.releaseaccount.
See the full docs on using a new PGP key.
See GitHub's instructions for generating a private key. If you haven't already created a GitHub App for the release workflow, see Setting up the GitHub App first.
Guardian developers: Here's a direct link to our GitHub App settings page, where you can generate a new private key: https://github.com/organizations/guardian/settings/apps/gu-scala-library-release