If you've never released before, you'll need to create a GPG key to use for signing the binaries.
That key will need to be appended to this file:
As well, you'll need to ensure you have your ~/.m2/settings.xml
file updated like so:
<settings>
<profiles>
<profile>
<id>apache-release</id>
<properties>
<gpg.passphrase>yourGpgPassphrase</gpg.passphrase>
</properties>
</profile>
</profiles>
<servers>
<server>
<id>apache.snapshots.https</id>
<username>yourApacheId</username>
<password>yourApachePass</password>
</server>
<server>
<id>apache.releases.https</id>
<username>yourApacheId</username>
<password>yourApachePass</password>
</server>
</servers>
</settings>
Note: if you get "authorization failed: Could not authenticate to server: rejected Basic challenge" error a workaround is to specify the user and password in the command line using -Dusername=XXX -Dpassword=YYYY. Another solution is to give them to maven release plugin but take care to not commit it!