Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Cannot Reproduce
-
3.8.1
-
None
-
None
-
None
Description
The documentation is fairly clear about how to encrypt passwords in `settings.xml`
However, Maven (still, as of 3.8.1) appears to use `plexus-sec-dispather:1.4` which specs the location as `~/.security-settings.xml`
Work with an injected `Settings` in a Maven plugin leads me to believe that passwords aren't decrypted unless you're inside a wagon component, which I guess makes sense but not for my purposes. So I used a `SecDispatcher` in this code to decrypt the passwords. But it failed because it expected the config for security to be at `~/.security-settings.xml`
Some other issue querying leads me to believe that my workaround (symlinking /.m2/security-settings.xml` to `/.security-settings.xml` is the rightest answer I can arrive at. This appears to work, but isn't part of the documentation.
Other queries appear to believe that the peer to settings.xml in ~/.m2 is the actual "right" location.
I was unable to locate an issue or definitive answer to this question, which leads me to believe that the documentation isn't accurate.
Note that I would be very happy to submit a doc PR if I know what the right answer was