Maven SCM

Support for encrypted passwords in settings.xml

Details

  • Type: New Feature New Feature
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 1.5
  • Component/s: maven-plugin
  • Labels:
    None
  • Environment:
    Should be platform independent solution.
  • Complexity:
    Intermediate
  • Number of attachments :
    1

Description

Currently, Maven 2.1.x and 2.2.x have support for storing encrypted passwords in the server.xml file and decrypting them for authentication to a specific maven repository. This task proposes a similar approach so that users can store their encrypted password in the server.xml file and the SCM plugin will decrypt and authenticate to the SCM server. I would assume this approach would use the same Maven crypto mechanism to encrypt/decrypt the passwords.

Issue Links

This issue relates to:
MRELEASE-648 Putting SVN password in settings.xml doesn't support password encryption Major Closed
This issue is related to:
MNG-4384 Can not use the plexus component org.sonatype.plexus.components.sec.dispatcher.SecDispatcher since maven 2.2.0 Major Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Matthew McCullough added a comment -

It appears that the decryption only exists in the DefaultMaven.java (wagon dispatch) today. I'm adding it to AbstractScmMojo.java (conditionally) so that in Maven 2.1 or higher we can encrypt SCM passwords.

Full description of the process and code changes:
http://ambientideas.com/blog/index.php/2009/08/encrypted-scm-passwords-in-maven/

Patch attached.

Show
Matthew McCullough added a comment - It appears that the decryption only exists in the DefaultMaven.java (wagon dispatch) today. I'm adding it to AbstractScmMojo.java (conditionally) so that in Maven 2.1 or higher we can encrypt SCM passwords. Full description of the process and code changes: http://ambientideas.com/blog/index.php/2009/08/encrypted-scm-passwords-in-maven/ Patch attached.
Hide
Permalink
Matthew McCullough added a comment -

Brett Porter indicated in the comments on this blog page that SCM settings could be encrypted, but I'm not finding that to be the case (just wagon server passwords seem to decrypt in Maven 2.2). Let me know if I overlooked something in the 1.3-SNAPSHOT line of SCM plugin code...

http://blogs.steeplesoft.com/the-maven-release-plugin-is-pretty-slick/

Show
Matthew McCullough added a comment - Brett Porter indicated in the comments on this blog page that SCM settings could be encrypted, but I'm not finding that to be the case (just wagon server passwords seem to decrypt in Maven 2.2). Let me know if I overlooked something in the 1.3-SNAPSHOT line of SCM plugin code... http://blogs.steeplesoft.com/the-maven-release-plugin-is-pretty-slick/
Hide
Permalink
Brett Porter added a comment -

that comment was about development in general - it won't apply to SCM, but I think it's great for plugins and other Maven systems to start hooking into that if it can.

Show
Brett Porter added a comment - that comment was about development in general - it won't apply to SCM, but I think it's great for plugins and other Maven systems to start hooking into that if it can.
Hide
Permalink
Benjamin Bentmann added a comment -

Added in r1069164.

Show
Benjamin Bentmann added a comment - Added in r1069164.
Hide
Permalink
Dan Tran added a comment -

are we going to provide the same feature for maven-release-plugin?

Show
Dan Tran added a comment - are we going to provide the same feature for maven-release-plugin?
Hide
Permalink
Benjamin Bentmann added a comment -

See the issue links.

Show
Benjamin Bentmann added a comment - See the issue links.

People

Vote (9)
Watch (10)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Codehaus. Try JIRA - bug tracking software for your team.