I know that it is possible to encrypt a password and put the encrypted data in the settings.xml, so that Maven can access a remote server (for deployment, etc.).
However, in my case, the password is a parameter in the configuration of a third-party plugin.
Normally, the pom.xml configuration for this plugin looks like that:
<build>
<plugins>
<plugin>
<groupId>xxx</groupId>
<artifactId>maven-xxx-plugin</artifactId>
...
<configuration>
<serverAddress>http://myserver</serverAddress>
<port>4242</port>
<username>unicorn</username>
<password>thePassword</password>
...
But I don’t like the idea to set the password in plain text in my pom.xml. So I tried to set it as a property (<password>${encrypted.password}</password>) and set the encrypted password in the settings.xml file, using mvn --encrypt-password thePassword command:
<profiles>
<profile>
<id>myprofile</id>
<properties>
<!-- Encrypted passwords -->
<encrypted.password>{dJXVRKwRiY8HqzhGecHd/MYju/aIEmMT8cnE6MY53uPNr0ro/CAsXSLlgzEjxYeU}</encrypted.password>
</properties>
Unfortunately, this does not work (I suspect that the plugin uses the encrypted password as a “clear” password, and does not try to decrypt it).
Is there a way to make it work? If not, what are the alternative to avoid putting plain text password in pom.xml or settings.xml?
Thanks.
ps: I’m using Maven 2.2.1, but I can also use Maven 3.0 if needed.
Maven provided the necessary support to encrypt passwords in
settings.xml, and for plugins to retrieve them. See for example SqlExecMojo.java.Plugins “just” have to use this feature to be more user-friendly with credentials management.