Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Not A Problem
-
None
-
None
-
None
Description
Hi,
I've installed two Maven instances (3.5.4 and 2.2.1) in a production environment. For security reasons, we want the passwords of the Nexus server where Maven can take or deploy libraries to be encrypted. To achieve that, I have used the feature that Maven offers related to Password encryption: https://maven.apache.org/guides/mini/guide-encryption.html
These are the steps I have followed:
With Maven 3.5.4 I've executed
mvn --encrypt-master-password <password>
I've pasted the master encrypted password in ${user.home}/.m2/settings-security.xml, following the syntax that is indicated.
Then, I've created, with Maven 3.5.4, the server password
mvn --encrypt-password <password>
And I've pasted it in the settings.xml file of Maven 3.5.4 and Maven 2.2.1.
Then, when trying to download artifacts, I've realised that the only version that I can use to download libraries from Nexus is 3.5.4, but not 2.2.1. I suppose this is because all commands to generate the master and server passwords have been executed with Maven 3.5.4 but, given that we must use two different versions of Maven, is there any way to generate passwords for these two versions so they are able to download or deploy artifacts using only encrypted passwords? I've tried to include two master passwords in the settings-security.xml file, but it seems that this is not allowed. Do you know any solution to achieve this?
Thanks for your attention,
Regards.