Skip to content
Latchkey

OSSRH "401 Unauthorized" deploying to Sonatype in CI

The deploy to Sonatype OSSRH returned 401. Maven found no matching <server id="ossrh"> credentials, or the user token is wrong. Publishing to Maven Central via OSSRH requires a valid Sonatype user token.

What this error means

mvn deploy fails with "Could not transfer artifact ... status code: 401, reason phrase: Unauthorized" against the OSSRH staging URL.

Maven
[ERROR] Failed to deploy artifacts: Could not transfer artifact com.acme:app:jar:1.0.0
[ERROR] to ossrh (https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/):
[ERROR] status code: 401, reason phrase: Unauthorized (401)

Common causes

No ossrh server credentials

The pom deploys with server id ossrh but settings.xml has no <server id="ossrh"> block with a username and token.

Using a password instead of the user token

Sonatype requires the generated user token (name and password), not the account login, for automated deploys.

How to fix it

Add the ossrh server with the user token

  1. Generate a Sonatype user token in the account settings.
  2. Add <server id="ossrh"> with the token name and token password from CI secrets.
  3. Re-run the deploy.
settings.xml
<server>
  <id>ossrh</id>
  <username>${env.OSSRH_TOKEN_USER}</username>
  <password>${env.OSSRH_TOKEN_PASS}</password>
</server>

Match the server id to the deploy repository

Ensure the distributionManagement repository id equals ossrh so Maven picks up the credentials.

How to prevent it

  • Use Sonatype user tokens for CI, not account passwords.
  • Keep the server id aligned with the deploy repository id.
  • Store the token in CI secrets and template settings.xml.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →