
    Masking Passwords in Maven Settings.xml

    As part of your development process, you have to provide the repository information in a settings.xml.  Along with the repository information, you are required to provide the user name and the password.

     

    The repository server name and user name pose no security danger in clear text. A clear-text password, however, can be dangerous if someone peeks at your settings.xml while you have left your computer unlocked for a 5-minute coffee break.

     

    Reference: Maven Password Encryption, http://maven.apache.org/guides/mini/guide-encryption.html

     

    Steps:

    Let us assume you have multiple repositories for which you have different passwords. Irrespective of how many passwords you have, you need to create a master password.

     

    1. Create a master password and encrypt it.
    2. Create a ~/.m2/settings-security.xml file
    3. Encrypt your password

    Step 1:  Create a master password and encrypt it

     

    $> mvn --encrypt-master-password somemasterpassword
    {nDpn1bE1vX4HABCDEFGOriBubJhppqAOuy4=}
    

     

     

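    Replace "somemasterpassword" with the master password you want to use. Since Maven 3.2.1 the argument can be omitted, in which case Maven prompts for the password and it stays out of the shell history.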

    Step 2: Create a ~/.m2/settings-security.xml file

    Copy the encrypted master password from Step 1 into this file.

     

    <settingsSecurity>
      <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
    </settingsSecurity> 
    

     

    Step 3: Encrypt your repository password. You can encrypt as many passwords as you please.

     

     

    $> mvn --encrypt-password mysweetlittlepassword
    {X/Mnlwkfm90HVsadbsadsadlsakdsalfdlfdhfldsfldslE3LQ8g4=}
    

     

    Now you can use this encrypted password as your server password instead of the clear text password.
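
    To confirm that every server entry really uses the encrypted form after this change, the following added example (not part of the original page or of Maven) classifies each <server> password in a settings.xml. The server ids, user names and the ${env.REPO_PASS} reference are constructed, and the patterns are a heuristic for the `{...}` output format shown above.

```python
import re
import xml.etree.ElementTree as ET

# Output shape of `mvn --encrypt-password`: base64 wrapped in unescaped braces.
# Text outside the braces is tolerated by Maven as a free-form comment.
ENCRYPTED = re.compile(r"(?<![\\$])\{[A-Za-z0-9+/=]+\}")
PROPERTY = re.compile(r"\$\{[^{}]+\}")  # e.g. ${env.REPO_PASS}, resolved at runtime

def _local(tag):
    """Strip the optional Maven settings namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def classify(value):
    """Return 'empty', 'encrypted', 'property' or 'cleartext' for one password value."""
    value = (value or "").strip()
    if not value:
        return "empty"
    if ENCRYPTED.search(value):
        return "encrypted"
    if PROPERTY.fullmatch(value):
        return "property"
    return "cleartext"

def audit_servers(settings_xml):
    """Map each <server> id to the classification of its <password>."""
    report = {}
    for el in ET.fromstring(settings_xml).iter():
        if _local(el.tag) != "server":
            continue
        fields = {_local(child.tag): child.text for child in el}
        if "password" in fields:
            report[fields.get("id", "?")] = classify(fields["password"])
    return report

# Constructed sample: ids and user names are made up; the encrypted value is
# the sample output shown in Step 3.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>releases</id><username>dev</username>
      <password>{X/Mnlwkfm90HVsadbsadsadlsakdsalfdlfdhfldsfldslE3LQ8g4=}</password></server>
    <server><id>snapshots</id><username>dev</username>
      <password>mysweetlittlepassword</password></server>
    <server><id>mirror</id><username>ci</username>
      <password>${env.REPO_PASS}</password></server>
  </servers>
</settings>"""

if __name__ == "__main__":
    for server_id, status in audit_servers(SAMPLE).items():
        print(f"{server_id}: {status}")
```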