When attempting to install the tanzu CLI on an APT system (Debian or Ubuntu), it fails.

The failure occurs upon running the command: sudo apt update

The error reported is similar to below:

W: GPG error: https://storage.googleapis.com/tanzu-cli-os-packages/apt tanzu-cli-jessie Release: The following signatures were invalid: EXPKEYSIG 915493E7001E5CC9 VMware, Inc. (Linux Packaging Key) <[email protected]>
E: The repository 'https://storage.googleapis.com/tanzu-cli-os-packages/apt tanzu-cli-jessie Release' is not signed.

ANY environment that requires or makes use of the tanzu CLI.  

Such as:

Tanzu Kubernetes Grid

Tanzu Mission Control

vSphere IaaS control plane Documentation (formerly vSphere with Tanzu)

The VMware public key has expired. 

Using the old key as documented in the TKG docs is no longer supported because of the Broadcom acquisition of VMware.  We don't expect the VMware key to be extended.

As such, the below Resolution is to be updated in the public documentation. 

Until any public documentation is corrected, the permanent solution is to perform the following instead:

NOTE: Below installs tanzu CLI version 1.3.0 specifically instead of the latest CLI version. 

NOTE: If you had already run this and received the GPG signature errors, skip repeating the first three steps

1. sudo apt update


2. sudo apt install -y ca-certificates curl gpg


3. sudo mkdir -p /etc/apt/keyrings 

4. curl -fsSL https://storage.googleapis.com/tanzu-cli-installer-packages/keys/TANZU-PACKAGING-GPG-RSA-KEY.gpg | sudo gpg --dearmor -o /etc/apt/keyrings/tanzu-archive-keyring.gpg


5. echo "deb [signed-by=/etc/apt/keyrings/tanzu-archive-keyring.gpg] https://storage.googleapis.com/tanzu-cli-installer-packages/apt tanzu-cli-jessie main" | sudo tee /etc/apt/sources.list.d/tanzu.list


6. sudo apt update


7. sudo apt install tanzu-cli=1.3.0

If you have further issues or questions, please open a Tanzu Support Request