maven-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <br...@apache.org>
Subject Re: password encryption in 2.1.x trunk
Date Mon, 02 Feb 2009 10:09:01 GMT

On 28/01/2009, at 5:48 AM, Oleg Gusakov wrote:

> After a long and interesting discussion last August (http://docs.codehaus.org/display/MAVEN/Secured+Passwords

> ) and several meetings with users, I felt it's overdue to do the  
> actual implementation.
>
> I massaged my old, vintage 2007 code and put it into 2.1.x trunk.

Great! Been much anticipated :)

> * user encrypts a master password with CLI and stores it in ~/.m2/ 
> sec.xml
> ** there is an option to store it on a removable drive and reference  
> that from ~/.m2/sec.xml

Any reason not to use a new field in settings.xml? I think 2.1.x can  
be capable of updating the model version.

>
> * user encrypts server password with CLI ans stores it in settings.xml
> * Maven decrypts the password in memory and everything works like it  
> was before
> ** help:effective-settings (tested) and other tools (did not test  
> though) still show encrypted passwords

Sounds good. BTW, how is the encryption key configured?

What's left before this is releasable as part of 2.1.x?

Cheers,
Brett

--
Brett Porter
brett@apache.org
http://blogs.exist.com/bporter/


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message