Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-7176

Resolve actual location of security-settings.xml

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.8.1
    • Fix Version/s: waiting-for-feedback
    • Component/s: None
    • Labels:
      None

      Description

      The documentation is fairly clear about how to encrypt passwords in `settings.xml`

      However, Maven (still, as of 3.8.1) appears to use `plexus-sec-dispather:1.4` which specs the location as `~/.security-settings.xml`
      Work with an injected `Settings` in a Maven plugin leads me to believe that passwords aren't decrypted unless you're inside a wagon component, which I guess makes sense but not for my purposes. So I used a `SecDispatcher` in this code to decrypt the passwords. But it failed because it expected the config for security to be at `~/.security-settings.xml`

      Some other issue querying leads me to believe that my workaround (symlinking /.m2/security-settings.xml` to `/.security-settings.xml` is the rightest answer I can arrive at.  This appears to work, but isn't part of the documentation.
      Other queries appear to believe that the peer to settings.xml in ~/.m2 is the actual "right" location.

      I was unable to locate an issue or definitive answer to this question, which leads me to believe that the documentation isn't accurate.

      Note that I would be very happy to submit a doc PR if I know what the right answer was

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mykelalvis Mykel Alvis
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: