Maven settings.xml masking password

Masking Passwords in Maven Settings.xml

As part of your development process, you have to provide the repository information in a settings.xml. Along with the repository information, you are required to provide the user name and the password.

The repository server name and user name, if in clear text, pose no security danger. But a clear text password can be dangerous if someone peeks at your settings.xml while you have left your computer unlocked for a 5-minute coffee break.

Reference: Maven Password Encryption, http://maven.apache.org/guides/mini/guide-encryption.html

Steps:

Let us assume you have multiple repositories for which you have different passwords. Irrespective of how many passwords you have, you need to create a master password.

  1. Create a master password and encrypt it.
  2. Create a ~/.m2/settings-security.xml file.
  3. Encrypt your password.

Step 1: Create a master password and encrypt it

$> mvn --encrypt-master-password somemasterpassword
{nDpn1bE1vX4HABCDEFGOriBubJhppqAOuy4=}

Remember to replace "somemasterpassword" with whatever master password you want to remember.

Step 2: Create a ~/.m2/settings-security.xml file

Transfer the encrypted master password from Step 1 into this file.

<settingsSecurity>
  <master>{jSMOWnoPFgsHVpMvz5VrIt5kRbzGpI8u+9EF1iFQyJQ=}</master>
</settingsSecurity>

 

Step 3: Encrypt your repository password

You can encrypt as many passwords as you please.

$> mvn --encrypt-password mysweetlittlepassword
{X/Mnlwkfm90HVsadbsadsadlsakdsalfdlfdhfldsfldslE3LQ8g4=}

Now you can use this encrypted password as your server password in settings.xml instead of the clear text password.
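
A check that no server entry in settings.xml was left in clear text after the steps above. This is an added example, not part of the original page: the server ids, user name and environment variable name are constructed, and the brace-matching pattern is an approximation of how Maven recognises an encrypted value.

```python
import re
import xml.etree.ElementTree as ET

# Approximation of Maven's convention: an unescaped {...} group marks an encrypted value.
ENCRYPTED = re.compile(r"(?<!\\)\{[^{}]+(?<!\\)\}")
# ${env.VAR}-style references are interpolated by Maven, so they are not literals.
PROPERTY_REF = re.compile(r"^\$\{[^{}]+\}$")


def local(tag):  # strip the optional settings namespace: '{ns}server' -> 'server'
    return tag.rsplit("}", 1)[-1]


def classify(value):
    """Label one <password> value as property, encrypted, cleartext or empty."""
    value = (value or "").strip()
    if PROPERTY_REF.match(value):
        return "property"
    if ENCRYPTED.search(value):
        return "encrypted"
    return "cleartext" if value else "empty"


def audit_settings(xml_text):
    """Return {server id: label} for every <server> that carries a <password>."""
    findings = {}
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "server":
            continue
        fields = {local(child.tag): child.text for child in elem}
        if "password" in fields:
            findings[fields.get("id", "?")] = classify(fields["password"])
    return findings


# Constructed sample (made-up ids, user and variable); encrypted value is the Step 3 output.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server><id>releases</id><username>dev</username>
      <password>{X/Mnlwkfm90HVsadbsadsadlsakdsalfdlfdhfldsfldslE3LQ8g4=}</password></server>
    <server><id>snapshots</id><username>dev</username>
      <password>mysweetlittlepassword</password></server>
    <server><id>ci</id><username>dev</username>
      <password>${env.REPO_PASSWORD}</password></server>
  </servers>
</settings>"""

if __name__ == "__main__":
    print(audit_settings(SAMPLE))
```

To audit a real file, pass the contents of ~/.m2/settings.xml to audit_settings; any server reported as cleartext still needs Step 3.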