Sign your own binaries with go-tool-base, part 6: sign every release with GoReleaser
By now you’ve got all the pieces lying on the bench. A KMS key that signs but never hands over its private half (Part 2). A CI role you can assume over OIDC with no stored credentials (Part 3). A public key you’ve minted …
