Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-553

Secure Storage of Server Passwords


    • Type: New Feature
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0-alpha-3
    • Fix Version/s: 2.1.0, 3.0-alpha-3
    • Component/s: Settings
    • Labels:
    • Environment:
      Although it may not be relevant since this is a general improvement issue, Windows XP, JDK 1.4.1.


      This was a question pose to the Maven User's Group and it was suggested I add it here.

      It would be benefitial to provide a more secure means of storing password's to the servers listed in the .m2/settings.xml. They are currently being stored as plain text and could definately be considered a security breach. Numerous organizations would undoubtedly considered this an unacceptable security risk, and this could prevent widespread adoption of Maven2.

      I would suggest leaving an option to encrypt the password into the settings file (more secure, but not foolproof) or even requiring the password to be manually provided per build (would prevent automation of builds). I am sure that there is a secure solution to this problem and it should be part of the 2.0 release.


        1. MNG-553.patch
          1 kB
          Benjamin Bentmann

          Issue Links

          There are no Sub-Tasks for this issue.



              • Assignee:
                olle olle
                porterhouse91 J. Michael McGarr
              • Votes:
                40 Vote for this issue
                32 Start watching this issue


                • Created: