Renew Expired GPG Keys for Maven Deployments with Spring Boot

While publishing a project that uses swagger-spring-boot-starter, a GPG signing error occurs because the signing key has expired. The console shows warnings such as:

*gpg: WARNING: "--no-use-agent" is an obsolete option - it has no effect
gpg: no default secret key: No secret key
gpg: signing failed: No secret key

First, check the current keyring to confirm the key status: $ gpg --list-keys The output reveals that the primary RSA2048 key created in 2017 expired in December 2019, and the associated subkey is also expired.

Step 1: Edit the expired key $ gpg --edit-key xxxxxxxxxxxxxxx After entering the edit mode, the key information is displayed, confirming the expiration dates.

Step 2: Extend the expiration date

gpg> expire
# Choose the new validity period (e.g., 0 for never expires)
# Confirm the change with y

The command updates both the primary key and the subkey to “never expires”. The updated key details now show:

sec  rsa2048/aaaaaaaaaaaaaaaa
    created: 2017-12-05  expires: never   usage: SC
ssb  rsa2048/bbbbbbbbbbbbbbbb
    created: 2017-12-05  expires: never   usage: E

Finally, save the changes: gpg> save With the renewed key, the Maven deploy command can be executed again to publish the artifact to the central repository.