Details
-
Wish
-
Status: Closed
-
Major
-
Resolution: Auto Closed
-
None
-
None
-
None
Description
To automate usage of the GPG plugin, it is needed to provide the key store password as a command line argument. This implies that (a) a potential (automatic) user must use explicity CLI arguments and cannot rely on the POM as the one-and-only place to store all build configuration, and (b) everybody can read that password when inspection the build automation configuration.
Maven has the technology to encrypt passwords using a master password (and have that one stored on a detachable USB token in encrypted way). Maven's documentation only contains examples how to use that with repository accounts.
It would be pretty cool if the GPG plugin could use that encrypted tokens, i. e. what I would see as the optimal solution is that Maven can use encrypted tokens anywhere in the POM as a variable, and that the GPG plugin can read the key store password from the POM. In combination this would allow to solve problems (a) and (b): The sole configuration location is the POM, and the password is encrypted.
Attachments
Issue Links
- is related to
-
MGPG-31 Integrate w/ Maven password encryption to avoid need to type passphrase
- Closed