add gpg info to maven central publishing page

devalog · devalog · commit a285a00b32ae · 2025-08-07T12:56:20.000-04:00
diff --git a/fern/products/sdks/overview/java/publishing-to-maven-central.mdx b/fern/products/sdks/overview/java/publishing-to-maven-central.mdx
@@ -116,29 +116,32 @@ groups:
           repository: your-org/company-java
 ```
 	</Step>
+</Steps>
 
-    <Step title="Generate GPG Signature">
+## Generate GPG Signature
 
-    Next, set up code signing credentials by generating or identifying a GPG key ID, password, and secret key.  Maven Central requires all artifacts to be digitally signed with PGP/GPG keys.
+  Next, set up code signing credentials by generating or identifying a GPG key ID, password, and secret key.  Maven Central requires all artifacts to be digitally signed with PGP/GPG keys.
 
 <Info>If you don't have gpg installed, you can download the binary from [https://gnupg.org/download/index.html](https://gnupg.org/download/index.html), or install it via package manager.</Info>
-
-1. Find your key
-    * If you already have a GPG key, you can list your keys:
+<Steps>
+<Step title="Find your key">
+    If you already have a GPG key, you can list your keys:
 
         ```sh
         gpg --list-secret-keys --keyid-format LONG
         ```
 
-    * If you don't have a GPG key, you can generate a new one:
+    If you don't have a GPG key, you can generate a new one:
 
         ```sh
         gpg --gen-key
         ```
         
         You'll be prompted to create a new username and passphrase. 
+</Step>
+<Step title="Export your key">
 
-1. To export your secret key, run:
+Export your key so you can store it in an environment variable later on:
 
     ```sh
     gpg --export-secret-keys --armor YOUR_KEY_ID
@@ -147,14 +150,6 @@ groups:
     Be sure to replace `YOUR_KEY_ID` with the key ID of the key you want to export.
 
     <Info>More information is available on [Maven Central's GPG validation page](https://central.sonatype.org/publish/requirements/gpg/).</Info>
-1. Finally, upload your key to public key servers so Maven Central can access the signature:
-
-  ```bash
-  # Upload to multiple key servers
-  gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID
-  gpg --keyserver keys.openpgp.org --send-keys YOUR_KEY_ID
-  gpg --keyserver pgp.mit.edu --send-keys YOUR_KEY_ID
-```
 </Step>
 <Step title="Configure GPG Signature">
 
@@ -179,6 +174,17 @@ groups:
           repository: your-org/company-java
 ```
 </Step>
+<Step title="Upload your key to public key servers">
+
+Finally, upload your key to public key servers so Maven Central can access the signature:
+
+  ```bash
+  # Upload to multiple key servers
+  gpg --keyserver keyserver.ubuntu.com --send-keys YOUR_KEY_ID
+  gpg --keyserver keys.openpgp.org --send-keys YOUR_KEY_ID
+  gpg --keyserver pgp.mit.edu --send-keys YOUR_KEY_ID
+```
+</Step>
 </Steps>
 
 ## Release your SDK to Maven Central
