Maven Deploy Plugin
  1. Maven Deploy Plugin
  2. MDEPLOY-129

Need a way to specify repository credentials securely for deploy operations

    Details

    • Number of attachments :
      0

      Description

      Currently, credentials for performing a deployment must be specified in the settings.xml. However, if a Maven repository is set to use LDAP for its authentication mechanism, this means exposing domain security credentials in plaintext in a static file on the hard drive and is extremely insecure (as specified in the documentation: "Unfortunately, Maven doesn't currently support hashed or encrypted passwords in the settings.xml"). This is simply not workable in a secure environment, e.g. government, defense, financial, etc.

      Instead there should be an option to provide these credentials on the command line or using hash or encryption algorithms.

        Activity

          People

          • Assignee:
            Robert Scholte
            Reporter:
            Rick Herrick
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: