Using Gradle's signing plugin

I am trying to use Gradle’s signing plugin with “in memory” keys[1], but am having difficulty understanding which values to use where. I have the following:

$ gpg --list-keys --keyid-format=long
pub <PUB>
uid ...
sub <SUB>

$ export GPG_KEY=$(gpg --armor --export <PUB>)

along with this build fragment

signing {
  sign publishing.publications.publishedArtifacts

  def signingKeyId = findProperty('signingKeyId')
  def signingKey = findProperty('signingKey')
  def signingPassword = findProperty('signingPassword')
  useInMemoryPgpKeys(signingKeyId, signingKey, signingPassword)

I’m sure much of this is my limited knowledge of GPG and PGP, but as I understand it, when the plugin doc talks about “signingKey”, that is my $GPG_KEY variable.

I am a bit unclear about what the doc calls “signingKeyId” - whether that is <PUB> or <SUB>. I’ve tried both and get the same error either way.

$ gradlew sign -PsigningKeyId=<PUB> -PsigningKey="$GPG_KEY" -PsigningPassword=...

> Error while evaluating property 'signatory' of task ':hibernate-core:signPublishedArtifactsPublication'
   > Could not read PGP secret key

I’ve also tried the form without passing a key-id - still same result. So I am clearly not understanding something here.

$ gradlew --version

Gradle 7.3.3

Build time:   2021-12-22 12:37:54 UTC
Revision:     6f556c80f945dc54b50e0be633da6c62dbe8dc71

Kotlin:       1.5.31
Groovy:       3.0.9
Ant:          Apache Ant(TM) version 1.10.11 compiled on July 10 2021
JVM:          11.0.6 (AdoptOpenJDK 11.0.6+10)
OS:           Linux 5.15.12-100.fc34.x86_64 amd64

Thank you in advance as this has blocked me since last week :smiley:

[1] either The Signing Plugin or The Signing Plugin