maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Osipov (JIRA)" <>
Subject [jira] [Closed] (MGPG-47) Support for Maven Password Encryption
Date Fri, 16 Mar 2018 22:40:27 GMT


Michael Osipov closed MGPG-47.
    Resolution: Auto Closed

This issue has been auto closed because it has been inactive for a long period of time. If
you think this issue still applies, retest your problem with the most recent version of Maven
and the affected component, reopen and post your results.

> Support for Maven Password Encryption
> -------------------------------------
>                 Key: MGPG-47
>                 URL:
>             Project: Maven GPG Plugin
>          Issue Type: Wish
>            Reporter: Markus Karg
>            Priority: Major
> To automate usage of the GPG plugin, it is needed to provide the key store password as
a command line argument. This implies that (a) a potential (automatic) user must use explicity
CLI arguments and cannot rely on the POM as the one-and-only place to store all build configuration,
and (b) everybody can read that password when inspection the build automation configuration.
> Maven has the technology to encrypt passwords using a master password (and have that
one stored on a detachable USB token in encrypted way). Maven's documentation only contains
examples how to use that with repository accounts.
> It would be pretty cool if the GPG plugin could use that encrypted tokens, i. e. what
I would see as the optimal solution is that Maven can use encrypted tokens anywhere in the
POM as a variable, and that the GPG plugin can read the key store password from the POM. In
combination this would allow to solve problems (a) and (b): The sole configuration location
is the POM, and the password is encrypted.

This message was sent by Atlassian JIRA

View raw message