+Log into your Gerrit with ``YOUR_RELEASE_USERNAME``, upload the public
+part of the ``ssh-key`` you created earlier. Log out of Gerrit and log
+in again with your normal account for the next steps.
+
+
+In Gerrit create a new group called ``self-serve-release`` and give it
+direct push rights via ``All-Projects`` Add ``YOUR_RELEASE_USERNAME``
+to group ``self-serve-release`` and group ``Non-Interactive Users``
+
+
+In All project, grant group self-serve-release the following:
+
+.. code-block:: none
+
+ [access "refs/heads/*"]
+ push = group self-serve-release
+ [access "refs/tags/*"]
+ createTag = group self-serve-release
+ createSignedTag = group self-serve-release
+ forgeCommitter = group self-serve-release
+ push = group self-serve-release
+
+
+Jenkins
+=======
+
+Add a global credential to Jenkins called ``jenkins-release`` and set
+the ID: ``'jenkins-release'`` as its value insert the private half of
+the ``ssh-key`` that you created for your Gerrit user.
+
+Add Global vars in Jenkins:
+Jenkins configure -> Global properties -> Environment variables
+
+``RELEASE_USERNAME = YOUR_RELEASE_USERNAME``
+``RELEASE_EMAIL = YOUR_RELEASE_EMAIL``
+
+Jenkins configure -> Managed Files -> Add a New Config -> Custom File
+
+id: signing-pubkey
+Name: SIGNING_PUBKEY (optional)
+Comment: SIGNING_PUBKEY (optional)
+
+Content: (Ask Andy for the public signing key)
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+
+Add or edit the managed file in Jenkins called ``lftoolsini``,
+appending a nexus section: Jenkins Settings -> Managed files -> Add
+(or edit) -> Custom file
+
+.. code-block:: none
+
+ [nexus.example.com]
+ username=jenkins-release
+ password=<plaintext password>
+
+Ci-management
+=============
+
+Upgrade your project's global-jjb if needed, then add the following to
+your global defaults file (e.g., jjb/defaults.yaml).
+
+.. code-block:: bash
+
+ jenkins-ssh-release-credential: 'jenkins-release'