ant-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <ste...@apache.org>
Subject Re: Ant scp / user/password proper management
Date Wed, 07 Nov 2007 14:38:52 GMT
david wrote:
> Hello, use the Query Ant task @: http://www.jera.com/tools/anttasks/. Works quite well
for me when the (ex-COBOL programmer) project manager is looking over your shoulder asking
about the latest build. HTH, David. ;-)
> 
> Bizard Nicolas (KIRO 41) wrote ..
>> Hi all,
>> the ant scp task works great for me, at least to copy zip files.
>> There is still an issue though :
>> how do i manage properly the user/password?
>>
>> So far i found 2 options :
>>

0. pass on the command line. Bad news as this is visible to all users in 
linux?

>> 1) write them in a text file (not really an option, clearly)


Not even on a locked down/encrypted bit of the filesystem?

>> 2) prompt the user. But there is not option to tell ant that the
>> password should not be visible (seen as stars would be perfect).
>>
>> Do you guys have any idea about alternative *standardized* (if possible)
>> solutions.

we use ssh keys with passphrases; properties to set the username, key 
and passphrase, all of which are stored in property files specific to 
the target host (and not in SCM). you go

ant rpminstall -Dhost=arran

and metadata/arran.properties is loaded, containing the information 
needed to unlock the ssh keys.

Yes, someone with physical access to the box gets those keys. But on my 
laptop, the specific directories are encrypted with NTFS encryption, and 
the keys hidden in the TPM. They need to log on as me and know the 
separate TPM password to get in. IF I were extra paranoid, I'd keep them 
on a USB key

-- 
Steve Loughran                  http://www.1060.org/blogxter/publish/5
Author: Ant in Action           http://antbook.org/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@ant.apache.org
For additional commands, e-mail: user-help@ant.apache.org


Mime
View raw message