Skip to content

Release signature key 0xA6310ACC4672475C expires 2026-07-07 - no renewed key published yet #10474

Description

@tantran2019

Describe the feature

The PGP public key used to verify AWS CLI v2 release artifacts (.zip + .zip.sig) is set to expire on 2026-07-07:

Type:         RSA 4096
Created:      2019-09-18
Expires:      2026-07-07
User ID:      AWS CLI Team [aws-cli@amazon.com](mailto:aws-cli@amazon.com)
Fingerprint:  FB5D B77F D5C1 18B8 0511 ADA8 A631 0ACC 4672 475C

Use Case

As of 2026-07-06, the installation docs page still lists the same key with no updated expiry and no new key or self-signature extension has been published yet.

This is the same key previously reported in #9513 — expiry was extended at that time from 2025-07-24 to 2026-07-07 via a self-signature update on the existing keypair (not a new key rotation).

Any CI/CD pipeline that pins the GPG fingerprint for artifact verification will start failing after expiry. A heads-up or timeline for key renewal/rotation would help teams plan accordingly.

Proposed Solution

Either:

  • Extend the key expiry via a new self-signature (as done previously), or
  • Rotate to a new keypair and update the docs page accordingly

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CLI version used

aws-cli/2.x

Metadata

Metadata

Assignees

No one assigned

    Labels

    feature-requestA feature should be added or improved.

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions