We follow this article to create the key.
Ensure you create a good personal and private keyword. Use lastpass or bitwarden or other password generators.
You will get a short key and a long key. Keep those numbers in a file for convenience.
Then we rebuild all our packages with our signature.
We also tell /etc/pacman.conf that we will be using signatures.
SigLevel = Required DatabaseOptional
We will be signing our database of Carli as well by changing the update_repo.sh.