Matthias Braun's questions -server

Matthias Braun

Asked: 2014-03-08 05:32:51 +0800 CST

Where to store private key on Linux build server

On my Debian 3.2.54-2 build server I'd like to sign the build artifacts (JAR files) with my private key to ensure their authenticity.

I've created a private key secring.gpg using GnuPG and protected it with a password. I'm using Jenkins and Gradle for automated building and signing. I have to pass Gradle the location of secring.gpg so it can sign the JARs, but I'm not sure where to put it.

Are there any conventions or best practices regarding this?

I've browsed the related questions and googled the question but that didn't yield any answers to me.

I'm new to security related topics, so if I can provide any additional information, please let me know.

Thanks.

Where to store private key on Linux build server

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?