House keeping (#64)

* Remove fingerprint of signing from POM
* prevent leakage of NVD API key in logs

Author: infeo

.github/workflows/publish-central.yml

@@ -32,3 +32,4 @@ jobs:
           MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
           MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
+          MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.RELEASES_GPG_KEY_FINGERPRINT }}

.github/workflows/publish-github.yml

@@ -23,6 +23,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
           MAVEN_GPG_KEY: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }}
+          MAVEN_GPG_KEY_FINGERPRINT: ${{ vars.RELEASES_GPG_KEY_FINGERPRINT }}
       - name: Slack Notification
         uses: rtCamp/action-slack-notify@v2
         env:

pom.xml

@@ -263,7 +263,7 @@
 							<skipTestScope>true</skipTestScope>
 							<detail>true</detail>
 							<suppressionFile>suppression.xml</suppressionFile>
-							<nvdApiKey>${env.NVD_API_KEY}</nvdApiKey>
+							<nvdApiKeyEnvironmentVariable>NVD_API_KEY</nvdApiKeyEnvironmentVariable>
 						</configuration>
 						<executions>
 							<execution>
@@ -321,7 +321,6 @@
 								</goals>
 								<configuration>
 									<signer>bc</signer>
-									<keyFingerprint>58117AFA1F85B3EEC154677D615D449FE6E6A235</keyFingerprint>
 								</configuration>
 							</execution>
 						</executions>