If you've never released before, you'll need to create a GPG key to use for signing the binaries.

That key will need to be appended to this file:

As well, you'll need to ensure you have your ~/.m2/settings.xml file updated like so:

<settings>
  <profiles>
    <profile>
      <id>apache-release</id>
      <properties>
        <gpg.passphrase>yourGpgPassphrase</gpg.passphrase>
      </properties>
    </profile>
  </profiles>
  <servers>
    <server>
      <id>apache.snapshots.https</id>
      <username>yourApacheId</username>
      <password>yourApachePass</password>
    </server>
    <server>
      <id>apache.releases.https</id>
      <username>yourApacheId</username>
      <password>yourApachePass</password>
    </server>
  </servers>
</settings>

Note: if you get "authorization failed: Could not authenticate to server: rejected Basic challenge" error a workaround is to specify the user and password in the command line using -Dusername=XXX -Dpassword=YYYY. Another solution is to give them to maven release plugin but take care to not commit it!