maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Scholte (JIRA)" <j...@codehaus.org>
Subject [jira] (MPH-86) Hide passwords for effective-pom
Date Sat, 02 Feb 2013 14:43:13 GMT

    [ https://jira.codehaus.org/browse/MPH-86?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=318539#comment-318539
] 

Robert Scholte commented on MPH-86:
-----------------------------------

The difference between the {{Settings}} and {{MavenProject}} is that for Settings we know
which fields contain a password. For a pom it is either a property or a configuration-field.
For configuration there might be a solution if a plugin developer could specify which field
values should be hidden. That option is not there and could be quite complex.
For properties I don't see a solution. I don't want to add some magic basic on a naming convention.

The best solution is to use {{<server>}}-entries in the {{settings.xml}}. Both the {{maven-scm-plugin}}
and {{maven-release-plugin}} are capable to get the username+password based on a server id,
so you can even encrypt your password.
                
> Hide passwords for effective-pom
> --------------------------------
>
>                 Key: MPH-86
>                 URL: https://jira.codehaus.org/browse/MPH-86
>             Project: Maven 2.x Help Plugin
>          Issue Type: Bug
>    Affects Versions: 2.1.1
>         Environment: Apache Maven 3.0.3 (r1075438; 2011-02-28 18:31:09+0100)
> Maven home: C:\Program Files (x86)\RscApplications\Maven3\bin\..
> Java version: 1.6.0, vendor: IBM Corporation
> Java home: C:\programs\ejbdeploy_base_v7\java\jre
> Default locale: de_DE, platform encoding: Cp1252
> OS name: "windows 7", version: "6.1 build 7601 service pack 1", arch: "x86", family:
"windows"
>            Reporter: Stefan Cordes
>
> Executing
> {{mvn help:effective-pom -Doutput=pom-effective.txt}}
> with
> {code:xml}
> <profiles>
>    <profile>
>         <id>default</id>
>         <activation>
>         <activeByDefault>true</activeByDefault>
>         </activation>
>         <properties>
>                 <maven.scm.username>MyUserId</maven.scm.username>
>                 <maven.scm.password>MyVerySecretPassword</maven.scm.password>
>         </properties>
>    </profile>
> </profiles>
> </settings>
> {code}
> in 
> {{%userprofile%\.m2\settings.xml}}
> results in an pom-effective.txt
> which contains
> {code:xml}
>         <properties>
>                 <maven.scm.username>MyUserId</maven.scm.username>
>                 <maven.scm.password>MyVerySecretPassword</maven.scm.password>
>         </properties>
> {code}
> As (in our case) the pom-effective.txt should be checked in version control system for
later debug support we strongly need to hide the password analog to 
> "MPH-44 Hide passwords for effective-settings":
> {code:xml}
>         <properties>
>                 <maven.scm.username>MyUserId</maven.scm.username>
>                 <maven.scm.password>***</maven.scm.password>
>         </properties>
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://jira.codehaus.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message