diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/InlineSignCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/InlineSignCmd.java
deleted file mode 100644
index 1865bcf..0000000
--- a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/InlineSignCmd.java
+++ /dev/null
@@ -1,101 +0,0 @@
-// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
-//
-// SPDX-License-Identifier: Apache-2.0
-
-package sop.cli.picocli.commands;
-
-import picocli.CommandLine;
-import sop.Ready;
-import sop.cli.picocli.SopCLI;
-import sop.enums.InlineSignAs;
-import sop.exception.SOPGPException;
-import sop.operation.InlineSign;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.ArrayList;
-import java.util.List;
-
-@CommandLine.Command(name = "inline-sign",
-        resourceBundle = "msg_inline-sign",
-        exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
-public class InlineSignCmd extends AbstractSopCmd {
-
-    @CommandLine.Option(names = "--no-armor",
-            negatable = true)
-    boolean armor = true;
-
-    @CommandLine.Option(names = "--as",
-            paramLabel = "{binary|text|clearsigned}")
-    InlineSignAs type;
-
-    @CommandLine.Parameters(paramLabel = "KEYS")
-    List<String> secretKeyFile = new ArrayList<>();
-
-    @CommandLine.Option(names = "--with-key-password",
-            paramLabel = "PASSWORD")
-    List<String> withKeyPassword = new ArrayList<>();
-
-    @Override
-    public void run() {
-        InlineSign inlineSign = throwIfUnsupportedSubcommand(
-                SopCLI.getSop().inlineSign(), "inline-sign");
-
-        // Clearsigned messages are inherently armored, so --no-armor makes no sense.
-        if (!armor && type == InlineSignAs.clearsigned) {
-            String errorMsg = getMsg("sop.error.usage.incompatible_options.clearsigned_no_armor");
-            throw new SOPGPException.IncompatibleOptions(errorMsg);
-        }
-
-        if (type != null) {
-            try {
-                inlineSign.mode(type);
-            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
-                String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--as");
-                throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
-            }
-        }
-
-        if (secretKeyFile.isEmpty()) {
-            String errorMsg = getMsg("sop.error.usage.parameter_required", "KEYS");
-            throw new SOPGPException.MissingArg(errorMsg);
-        }
-
-        for (String passwordFile : withKeyPassword) {
-            try {
-                String password = stringFromInputStream(getInput(passwordFile));
-                inlineSign.withKeyPassword(password);
-            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
-                String errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--with-key-password");
-                throw new SOPGPException.UnsupportedOption(errorMsg, unsupportedOption);
-            } catch (IOException e) {
-                throw new RuntimeException(e);
-            }
-        }
-
-        for (String keyInput : secretKeyFile) {
-            try (InputStream keyIn = getInput(keyInput)) {
-                inlineSign.key(keyIn);
-            } catch (IOException e) {
-                throw new RuntimeException(e);
-            } catch (SOPGPException.KeyIsProtected e) {
-                String errorMsg = getMsg("sop.error.runtime.cannot_unlock_key", keyInput);
-                throw new SOPGPException.KeyIsProtected(errorMsg, e);
-            } catch (SOPGPException.BadData badData) {
-                String errorMsg = getMsg("sop.error.input.not_a_private_key", keyInput);
-                throw new SOPGPException.BadData(errorMsg, badData);
-            }
-        }
-
-        if (!armor) {
-            inlineSign.noArmor();
-        }
-
-        try {
-            Ready ready = inlineSign.data(System.in);
-            ready.writeTo(System.out);
-        } catch (IOException e) {
-            throw new RuntimeException(e);
-        }
-    }
-}
diff --git a/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/InlineSignCmd.kt b/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/InlineSignCmd.kt
new file mode 100644
index 0000000..c41f6f6
--- /dev/null
+++ b/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/InlineSignCmd.kt
@@ -0,0 +1,89 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands
+
+import java.io.IOException
+import picocli.CommandLine.*
+import sop.cli.picocli.SopCLI
+import sop.enums.InlineSignAs
+import sop.exception.SOPGPException.*
+
+@Command(
+    name = "inline-sign",
+    resourceBundle = "msg_inline-sign",
+    exitCodeOnInvalidInput = UnsupportedOption.EXIT_CODE)
+class InlineSignCmd : AbstractSopCmd() {
+
+    @Option(names = ["--no-armor"], negatable = true) var armor = true
+
+    @Option(names = ["--as"], paramLabel = "{binary|text|clearsigned}")
+    var type: InlineSignAs? = null
+
+    @Parameters(paramLabel = "KEYS") var secretKeyFile: List<String> = listOf()
+
+    @Option(names = ["--with-key-password"], paramLabel = "PASSWORD")
+    var withKeyPassword: List<String> = listOf()
+
+    override fun run() {
+        val inlineSign = throwIfUnsupportedSubcommand(SopCLI.getSop().inlineSign(), "inline-sign")
+
+        if (!armor && type == InlineSignAs.clearsigned) {
+            val errorMsg = getMsg("sop.error.usage.incompatible_options.clearsigned_no_armor")
+            throw IncompatibleOptions(errorMsg)
+        }
+
+        type?.let {
+            try {
+                inlineSign.mode(it)
+            } catch (unsupportedOption: UnsupportedOption) {
+                val errorMsg = getMsg("sop.error.feature_support.option_not_supported", "--as")
+                throw UnsupportedOption(errorMsg, unsupportedOption)
+            }
+        }
+
+        if (secretKeyFile.isEmpty()) {
+            val errorMsg = getMsg("sop.error.usage.parameter_required", "KEYS")
+            throw MissingArg(errorMsg)
+        }
+
+        for (passwordFile in withKeyPassword) {
+            try {
+                val password = stringFromInputStream(getInput(passwordFile))
+                inlineSign.withKeyPassword(password)
+            } catch (unsupportedOption: UnsupportedOption) {
+                val errorMsg =
+                    getMsg("sop.error.feature_support.option_not_supported", "--with-key-password")
+                throw UnsupportedOption(errorMsg, unsupportedOption)
+            } catch (e: IOException) {
+                throw RuntimeException(e)
+            }
+        }
+
+        for (keyInput in secretKeyFile) {
+            try {
+                getInput(keyInput).use { keyIn -> inlineSign.key(keyIn) }
+            } catch (e: IOException) {
+                throw RuntimeException(e)
+            } catch (e: KeyIsProtected) {
+                val errorMsg = getMsg("sop.error.runtime.cannot_unlock_key", keyInput)
+                throw KeyIsProtected(errorMsg, e)
+            } catch (badData: BadData) {
+                val errorMsg = getMsg("sop.error.input.not_a_private_key", keyInput)
+                throw BadData(errorMsg, badData)
+            }
+        }
+
+        if (!armor) {
+            inlineSign.noArmor()
+        }
+
+        try {
+            val ready = inlineSign.data(System.`in`)
+            ready.writeTo(System.out)
+        } catch (e: IOException) {
+            throw RuntimeException(e)
+        }
+    }
+}