How to Encrypt your Maven Password

scottshipp on September 10, 2018

Although Maven documentation has a whole page on their password encryption feature, it doesn't actually tell you how to do what you need to do to... [Read Full]
markdown guide
 

Hi,
based on your article I assume there is something in the documentation is not that clear as it should be. This means there is room for improvement.

It would be great if you could create a pull request to fix the issue in the documentation if you like.

If you don't like it is ok too.

Apart from that your article is explaining it very well.

Kind regards
Karl Heinz Marbaise
Apache Maven PMC

 

Hi, thanks for the tutorial. What I don't get is what are the benefits of this approach? If someone has access to your settings xml file, wouldn't they also have access to your security-settings.xml? Both are in .m2 according to your tutorial.

 

Hi Ivan,

the location for settings.xml and security-settings.xml is by default your home directory ($HOME/.m2/) which is by default secured by your login (username/password). This is the first barrier and the second one of course is, as Scott wrote is that in none of them is a clear text password.

Kind regards
Karl Heinz Marbaise

 

With this approach, neither the settings.xml nor the security-settings.xml have a clear-text password. Both of the strings inside them are encrypted, and the actual passwords are known only to the user.

 

Ah, ok. So you are prompted for the master password when you try to get a dependency from your repo?

code of conduct - report abuse