Details
Improvement
Status: Closed
Minor
Resolution: Cannot Reproduce
2.4, 2.5
None
All
Description
Currently, credentials for performing a deployment must be specified in the settings.xml. However, if a Maven repository is set to use LDAP for its authentication mechanism, this means exposing domain security credentials in plaintext in a static file on the hard drive and is extremely insecure (as specified in the documentation: "Unfortunately, Maven doesn't currently support hashed or encrypted passwords in the settings.xml"). This is simply not workable in a secure environment, e.g. government, defense, financial, etc.
Instead there should be an option to provide these credentials on the command line or using hash or encryption algorithms.
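To check a workstation or build agent for the exposure described in this report, the following audit is an added example, not part of the original issue or of Maven itself. It classifies each `<server>` secret in a settings.xml; the sample file and its values are constructed, and treating `${...}` property references and a brace-wrapped `{...}` value as non-plaintext is an assumption about later Maven behaviour that the issue does not state.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample settings.xml (not from the issue); every value is a placeholder.
SAMPLE_SETTINGS = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
 <servers>
  <server><id>corp-releases</id><username>jdoe</username>
    <password>PLACEHOLDER-plaintext</password></server>
  <server><id>corp-snapshots</id><username>${env.DEPLOY_USER}</username>
    <password>${env.DEPLOY_PASSWORD}</password></server>
  <server><id>corp-site</id><username>jdoe</username>
    <password>{PLACEHOLDER-ciphertext}</password></server>
 </servers>
</settings>"""

# Assumption: a value that is exactly one ${...} reference is supplied at run time.
PROPERTY_REF = re.compile(r"^\$\{[^}]+\}$")
# Assumption: a {...} group not preceded by '$' is an encrypted value.
ENCRYPTED = re.compile(r"(?<!\$)\{[^{}]+\}")

def local(tag):
    """Strip the XML namespace so namespaced and bare files both match."""
    return tag.rsplit("}", 1)[-1]

def classify(value):
    value = (value or "").strip()
    if not value:
        return "empty"
    if PROPERTY_REF.match(value):
        return "property"
    if ENCRYPTED.search(value):
        return "encrypted"
    return "plaintext"  # literal secret readable by anyone who can read the file

def audit_settings(xml_text):
    """Return (server id, field, classification) for every stored secret."""
    findings = []
    root = ET.fromstring(xml_text)
    for server in (e for e in root.iter() if local(e.tag) == "server"):
        fields = {local(child.tag): child.text for child in server}
        for secret in ("password", "passphrase"):
            if secret in fields:
                findings.append((fields.get("id"), secret, classify(fields[secret])))
    return findings

if __name__ == "__main__":
    for server_id, field, kind in audit_settings(SAMPLE_SETTINGS):
        print(f"{server_id}: {field} is {kind}")
```

Entries reported as `plaintext` are the ones that expose directory credentials on disk; the script never prints the secret values themselves.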