Re: Maven Resolver question regarding CollectRequest and mirrors

2017-03-17 Thread Laird Nelson
On Fri, Mar 17, 2017 at 4:01 PM Laird Nelson wrote: > Nevertheless, I note that when I call > repositorySystem.resolveDependencies(repositorySystemSession, > dependencyRequest) (already excerpted above), the mirrors I've so > painstakingly installed into the session do not

Maven Resolver question regarding CollectRequest and mirrors

2017-03-17 Thread Laird Nelson
I'm proceeding further on my journey to do damage with the maven-resolver series of projects (https://maven.apache.org/resolver/) in a way that looks like Maven but doesn't use Maven itself (only these dependency resolution components). As I mentioned in some earlier posts to this list, I'm

Re: Maven password encryption by project

2017-03-17 Thread Jim Klo
As others have mentioned, you shouldn’t be storing passwords in a POM. I as well don’t have a great corporate solution that works for secrets management for maven. My solution has been to use Environment Variables - which basically follows the same pattern that AWS, Docker, Vagrant and

Gentoo packaging / reproducibility of Maven-based Java projects

2017-03-17 Thread Curtis Rueden
Hello Maven aficionados! I am currently discussing on GitHub with one of the Gentoo packagers the possibility of packaging my group's Maven-based projects for Gentoo. The relevant issue is here: https://github.com/imagej/imagej/issues/162 However, the issues are hardly unique to my

Re: Maven password encryption by project

2017-03-17 Thread Alix Lourme
Hi Karl Heinz, Charles, Justin, Curtis Many thanks for your feedbacks. [Karl Heinz] I would suggest to put them into the settings.xml file outside > your pom file, cause the pom file will be checked in into version control > system.. > I agree it is the most simple way, but if all users (and

Re: Maven password encryption by project

2017-03-17 Thread Curtis Rueden
Hi Alix, For what it's worth, here is how the ImageJ project does it for Travis CI builds: https://github.com/imagej/imagej/blob/2bfd8a23a5ff427fabe12ea3f7114604e8485a75/.travis.yml https://github.com/imagej/imagej/blob/2bfd8a23a5ff427fabe12ea3f7114604e8485a75/.travis/build.sh

RE: [EXTERNAL] Maven password encryption by project

2017-03-17 Thread Justin Georgeson
You might want to look into secrets management tools such as Vault from HashiCorp and KeyWhiz from Square. -Original Message- From: Alix Lourme [mailto:alix.lou...@gmail.com] Sent: Friday, March 17, 2017 8:39 AM To: Maven Users List Subject: [EXTERNAL] Maven

Re: Maven password encryption by project

2017-03-17 Thread Charles Honton
It sounds as though you wish to share a credential set amount multiple users. This is an example of what the security community calls “a bad idea”. > On Mar 17, 2017, at 6:38 AM, Alix Lourme wrote: > > Dear community, > > I'm searching the best practice for password

Re: Maven password encryption by project

2017-03-17 Thread Karl Heinz Marbaise
Hi, I would never put passwords etc. into a pom file. encrypted or not... I would suggest to put them into the settings.xml file outside your pom file, cause the pom file will be checked in into version control system.. On 17/03/17 14:38, Alix Lourme wrote: Dear community, I'm searching

Maven password encryption by project

2017-03-17 Thread Alix Lourme
Dear community, I'm searching the best practice for password encryption in a maven POM file *by project*, could by used by properties (like in ANT or WAGON). Sample : --- maven-antrun-plugin 1.8 --- In this case, my