How to sign JAR file during release promotion

There is a way to sign specific Jar files. It will be based on the automatic jar signing feature. To do this, you should create an Artifactory Promotion User Plugin, where you can select the published or dependant jar files from a build based on parameters. Theses plugins are groovy based and any policies you wish to implement can be done there. You will want to have it create a new version of the build info with the new checksums obtained after signing and publish that build info, this is because build info is immutable so you cannot update the checksums after they change. This is similar to the above promotion plugin where the pom files are modified and reset in the build info.

To develop and test User Plugins please use or development environment project Artifactory User Plugins Devenv.