Uploaded image for project: 'Maven Deploy Plugin'
  1. Maven Deploy Plugin
  2. MDEPLOY-129

Need a way to specify repository credentials securely for deploy operations

    XMLWordPrintableJSON

    Details

      Description

      Currently, credentials for performing a deployment must be specified in the settings.xml. However, if a Maven repository is set to use LDAP for its authentication mechanism, this means exposing domain security credentials in plaintext in a static file on the hard drive and is extremely insecure (as specified in the documentation: "Unfortunately, Maven doesn't currently support hashed or encrypted passwords in the settings.xml"). This is simply not workable in a secure environment, e.g. government, defense, financial, etc.

      Instead there should be an option to provide these credentials on the command line or using hash or encryption algorithms.

        Attachments

          Activity

            People

            • Assignee:
              rfscholte Robert Scholte
              Reporter:
              rherrick Rick Herrick
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: