maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Scholte (JIRA)" <>
Subject [jira] (MRELEASE-846) m2 release plugin exposes SCM password in file
Date Wed, 04 Sep 2013 21:41:52 GMT


Robert Scholte commented on MRELEASE-846:

I would expect that this is possible if the Jenkins instance has a [master-password|].
This plugin still needs to implement the encryption/decryption methods, but that's not too
I even think this should always be done if there's a master-password.
> m2 release plugin exposes SCM password in file
> -----------------------------------------------------------------
>                 Key: MRELEASE-846
>                 URL:
>             Project: Maven Release Plugin
>          Issue Type: Bug
>            Reporter: Mark Maun
> When executing a maven release build using the m2 release plugin in Jenkins a
file is created in the workspace that has the SCM user/password credentials in plain text.
In our jenkins instance this is a problem since we have multiple users with access to release
the same job. The is removed after the release build is successful. If
the release build fails the stays in the workspace until it's manually
deleted. This allows other users to see SCM passwords in our organization if they view the
workspace during a release build or after one fails.
> 4
> If anyone has viable workarounds/solutions we can use in the meantime that would also
be appreciated.
> Note I have a ticket open with Jenkins dev but they deferred me here:

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message